diff --git a/tools/vagrant/systemvm/scripts/etc/apache2/httpd.conf b/tools/vagrant/systemvm/scripts/etc/apache2/httpd.conf
deleted file mode 100755
index 0565a8c302d..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/apache2/httpd.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-SSLProtocol -ALL +SSLv3 +TLSv1
-SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
diff --git a/tools/vagrant/systemvm/scripts/etc/apache2/ports.conf b/tools/vagrant/systemvm/scripts/etc/apache2/ports.conf
deleted file mode 100755
index 369cb295e00..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/apache2/ports.conf
+++ /dev/null
@@ -1,23 +0,0 @@
-# If you just change the port or add more ports here, you will likely also
-# have to change the VirtualHost statement in
-# /etc/apache2/sites-enabled/000-default
-# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
-# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
-# README.Debian.gz
-
-NameVirtualHost 10.1.1.1:80
-Listen 10.1.1.1:80
-
-
- # If you add NameVirtualHost *:443 here, you will also have to change
- # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
- # to
- # Server Name Indication for SSL named virtual hosts is currently not
- # supported by MSIE on Windows XP.
- Listen 10.1.1.1:443
-
-
-
- Listen 10.1.1.1:443
-
-
diff --git a/tools/vagrant/systemvm/scripts/etc/apache2/sites-available/default b/tools/vagrant/systemvm/scripts/etc/apache2/sites-available/default
deleted file mode 100755
index ae009b71ca2..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/apache2/sites-available/default
+++ /dev/null
@@ -1,41 +0,0 @@
-
- ServerAdmin webmaster@localhost
-
- DocumentRoot /var/www/html
-
- Options FollowSymLinks
- AllowOverride None
-
-
- Options Indexes FollowSymLinks MultiViews
- AllowOverride All
- Order allow,deny
- allow from all
-
-
- ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
-
- AllowOverride None
- Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
- Order allow,deny
- Allow from all
-
-
- ErrorLog ${APACHE_LOG_DIR}/error.log
-
- # Possible values include: debug, info, notice, warn, error, crit,
- # alert, emerg.
- LogLevel warn
-
- CustomLog ${APACHE_LOG_DIR}/access.log combined
-
- Alias /doc/ "/usr/share/doc/"
-
- Options Indexes MultiViews FollowSymLinks
- AllowOverride None
- Order deny,allow
- Deny from all
- Allow from 127.0.0.0/255.0.0.0 ::1/128
-
-
-
diff --git a/tools/vagrant/systemvm/scripts/etc/apache2/sites-available/default-ssl b/tools/vagrant/systemvm/scripts/etc/apache2/sites-available/default-ssl
deleted file mode 100755
index 0eea44d0103..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/apache2/sites-available/default-ssl
+++ /dev/null
@@ -1,172 +0,0 @@
-
-
- ServerAdmin webmaster@localhost
-
- DocumentRoot /var/www/html
-
- Options FollowSymLinks
- AllowOverride None
-
-
- Options Indexes FollowSymLinks MultiViews
- AllowOverride all
- Order allow,deny
- allow from all
-
-
- ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
-
- AllowOverride None
- Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
- Order allow,deny
- Allow from all
-
-
- ErrorLog ${APACHE_LOG_DIR}/error.log
-
- # Possible values include: debug, info, notice, warn, error, crit,
- # alert, emerg.
- LogLevel warn
-
- CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
-
- Alias /doc/ "/usr/share/doc/"
-
- Options Indexes MultiViews FollowSymLinks
- AllowOverride None
- Order deny,allow
- Deny from all
- Allow from 127.0.0.0/255.0.0.0 ::1/128
-
-
- # SSL Engine Switch:
- # Enable/Disable SSL for this virtual host.
- SSLEngine on
-
- # A self-signed (snakeoil) certificate can be created by installing
- # the ssl-cert package. See
- # /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
- # If both key and certificate are stored in the same file, only the
- # SSLCertificateFile directive is needed.
- SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
- SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
-
- # Server Certificate Chain:
- # Point SSLCertificateChainFile at a file containing the
- # concatenation of PEM encoded CA certificates which form the
- # certificate chain for the server certificate. Alternatively
- # the referenced file can be the same as SSLCertificateFile
- # when the CA certificates are directly appended to the server
- # certificate for convinience.
- #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
-
- # Certificate Authority (CA):
- # Set the CA certificate verification path where to find CA
- # certificates for client authentication or alternatively one
- # huge file containing all of them (file must be PEM encoded)
- # Note: Inside SSLCACertificatePath you need hash symlinks
- # to point to the certificate files. Use the provided
- # Makefile to update the hash symlinks after changes.
- #SSLCACertificatePath /etc/ssl/certs/
- #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
-
- # Certificate Revocation Lists (CRL):
- # Set the CA revocation path where to find CA CRLs for client
- # authentication or alternatively one huge file containing all
- # of them (file must be PEM encoded)
- # Note: Inside SSLCARevocationPath you need hash symlinks
- # to point to the certificate files. Use the provided
- # Makefile to update the hash symlinks after changes.
- #SSLCARevocationPath /etc/apache2/ssl.crl/
- #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
-
- # Client Authentication (Type):
- # Client certificate verification type and depth. Types are
- # none, optional, require and optional_no_ca. Depth is a
- # number which specifies how deeply to verify the certificate
- # issuer chain before deciding the certificate is not valid.
- #SSLVerifyClient require
- #SSLVerifyDepth 10
-
- # Access Control:
- # With SSLRequire you can do per-directory access control based
- # on arbitrary complex boolean expressions containing server
- # variable checks and other lookup directives. The syntax is a
- # mixture between C and Perl. See the mod_ssl documentation
- # for more details.
- #
- #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
- # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
- # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
- # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
- # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
- # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
- #
-
- # SSL Engine Options:
- # Set various options for the SSL engine.
- # o FakeBasicAuth:
- # Translate the client X.509 into a Basic Authorisation. This means that
- # the standard Auth/DBMAuth methods can be used for access control. The
- # user name is the `one line' version of the client's X.509 certificate.
- # Note that no password is obtained from the user. Every entry in the user
- # file needs this password: `xxj31ZMTZzkVA'.
- # o ExportCertData:
- # This exports two additional environment variables: SSL_CLIENT_CERT and
- # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
- # server (always existing) and the client (only existing when client
- # authentication is used). This can be used to import the certificates
- # into CGI scripts.
- # o StdEnvVars:
- # This exports the standard SSL/TLS related `SSL_*' environment variables.
- # Per default this exportation is switched off for performance reasons,
- # because the extraction step is an expensive operation and is usually
- # useless for serving static content. So one usually enables the
- # exportation for CGI and SSI requests only.
- # o StrictRequire:
- # This denies access when "SSLRequireSSL" or "SSLRequire" applied even
- # under a "Satisfy any" situation, i.e. when it applies access is denied
- # and no other module can change it.
- # o OptRenegotiate:
- # This enables optimized SSL connection renegotiation handling when SSL
- # directives are used in per-directory context.
- #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
-
- SSLOptions +StdEnvVars
-
-
- SSLOptions +StdEnvVars
-
-
- # SSL Protocol Adjustments:
- # The safe and default but still SSL/TLS standard compliant shutdown
- # approach is that mod_ssl sends the close notify alert but doesn't wait for
- # the close notify alert from client. When you need a different shutdown
- # approach you can use one of the following variables:
- # o ssl-unclean-shutdown:
- # This forces an unclean shutdown when the connection is closed, i.e. no
- # SSL close notify alert is send or allowed to received. This violates
- # the SSL/TLS standard but is needed for some brain-dead browsers. Use
- # this when you receive I/O errors because of the standard approach where
- # mod_ssl sends the close notify alert.
- # o ssl-accurate-shutdown:
- # This forces an accurate shutdown when the connection is closed, i.e. a
- # SSL close notify alert is send and mod_ssl waits for the close notify
- # alert of the client. This is 100% SSL/TLS standard compliant, but in
- # practice often causes hanging connections with brain-dead browsers. Use
- # this only for browsers where you know that their SSL implementation
- # works correctly.
- # Notice: Most problems of broken clients are also related to the HTTP
- # keep-alive facility, so you usually additionally want to disable
- # keep-alive for those clients, too. Use variable "nokeepalive" for this.
- # Similarly, one has to force some clients to use HTTP/1.0 to workaround
- # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
- # "force-response-1.0" for this.
- BrowserMatch "MSIE [2-6]" \
- nokeepalive ssl-unclean-shutdown \
- downgrade-1.0 force-response-1.0
- # MSIE 7 and newer should be able to use keepalive
- BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
-
-
-
diff --git a/tools/vagrant/systemvm/scripts/etc/apache2/vhostexample.conf b/tools/vagrant/systemvm/scripts/etc/apache2/vhostexample.conf
deleted file mode 100755
index c1bf8ea3e5f..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/apache2/vhostexample.conf
+++ /dev/null
@@ -1,238 +0,0 @@
-
- ServerAdmin webmaster@localhost
-
- DocumentRoot /var/www/html
- ServerName cloudinternal.com
-
- Options FollowSymLinks
- AllowOverride None
-
-
- Options Indexes FollowSymLinks MultiViews
- AllowOverride All
- Order allow,deny
- allow from all
-
-
- ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
-
- AllowOverride None
- Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
- Order allow,deny
- Allow from all
-
-
- ErrorLog ${APACHE_LOG_DIR}/error.log
-
- # Possible values include: debug, info, notice, warn, error, crit,
- # alert, emerg.
- LogLevel warn
-
- CustomLog ${APACHE_LOG_DIR}/access.log combined
-
- Alias /doc/ "/usr/share/doc/"
-
- Options Indexes MultiViews FollowSymLinks
- AllowOverride None
- Order deny,allow
- Deny from all
- Allow from 127.0.0.0/255.0.0.0 ::1/128
-
-
-
-
-
-
- ServerAdmin webmaster@localhost
-
- DocumentRoot /var/www/html
- ServerName cloudinternal.com
-
- Options FollowSymLinks
- AllowOverride None
-
-
- Options Indexes FollowSymLinks MultiViews
- AllowOverride all
- Order allow,deny
- allow from all
-
-
- ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
-
- AllowOverride None
- Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
- Order allow,deny
- Allow from all
-
-
- ErrorLog ${APACHE_LOG_DIR}/error.log
-
- # Possible values include: debug, info, notice, warn, error, crit,
- # alert, emerg.
- LogLevel warn
-
- CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
-
- Alias /doc/ "/usr/share/doc/"
-
- Options Indexes MultiViews FollowSymLinks
- AllowOverride None
- Order deny,allow
- Deny from all
- Allow from 127.0.0.0/255.0.0.0 ::1/128
-
-
- # SSL Engine Switch:
- # Enable/Disable SSL for this virtual host.
- SSLEngine on
-
- # A self-signed (snakeoil) certificate can be created by installing
- # the ssl-cert package. See
- # /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
- # If both key and certificate are stored in the same file, only the
- # SSLCertificateFile directive is needed.
- SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
- SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
-
- # Server Certificate Chain:
- # Point SSLCertificateChainFile at a file containing the
- # concatenation of PEM encoded CA certificates which form the
- # certificate chain for the server certificate. Alternatively
- # the referenced file can be the same as SSLCertificateFile
- # when the CA certificates are directly appended to the server
- # certificate for convinience.
- #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
-
- # Certificate Authority (CA):
- # Set the CA certificate verification path where to find CA
- # certificates for client authentication or alternatively one
- # huge file containing all of them (file must be PEM encoded)
- # Note: Inside SSLCACertificatePath you need hash symlinks
- # to point to the certificate files. Use the provided
- # Makefile to update the hash symlinks after changes.
- #SSLCACertificatePath /etc/ssl/certs/
- #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
-
- # Certificate Revocation Lists (CRL):
- # Set the CA revocation path where to find CA CRLs for client
- # authentication or alternatively one huge file containing all
- # of them (file must be PEM encoded)
- # Note: Inside SSLCARevocationPath you need hash symlinks
- # to point to the certificate files. Use the provided
- # Makefile to update the hash symlinks after changes.
- #SSLCARevocationPath /etc/apache2/ssl.crl/
- #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
-
- # Client Authentication (Type):
- # Client certificate verification type and depth. Types are
- # none, optional, require and optional_no_ca. Depth is a
- # number which specifies how deeply to verify the certificate
- # issuer chain before deciding the certificate is not valid.
- #SSLVerifyClient require
- #SSLVerifyDepth 10
-
- # Access Control:
- # With SSLRequire you can do per-directory access control based
- # on arbitrary complex boolean expressions containing server
- # variable checks and other lookup directives. The syntax is a
- # mixture between C and Perl. See the mod_ssl documentation
- # for more details.
- #
- #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
- # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
- # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
- # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
- # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
- # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
- #
-
- # SSL Engine Options:
- # Set various options for the SSL engine.
- # o FakeBasicAuth:
- # Translate the client X.509 into a Basic Authorisation. This means that
- # the standard Auth/DBMAuth methods can be used for access control. The
- # user name is the `one line' version of the client's X.509 certificate.
- # Note that no password is obtained from the user. Every entry in the user
- # file needs this password: `xxj31ZMTZzkVA'.
- # o ExportCertData:
- # This exports two additional environment variables: SSL_CLIENT_CERT and
- # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
- # server (always existing) and the client (only existing when client
- # authentication is used). This can be used to import the certificates
- # into CGI scripts.
- # o StdEnvVars:
- # This exports the standard SSL/TLS related `SSL_*' environment variables.
- # Per default this exportation is switched off for performance reasons,
- # because the extraction step is an expensive operation and is usually
- # useless for serving static content. So one usually enables the
- # exportation for CGI and SSI requests only.
- # o StrictRequire:
- # This denies access when "SSLRequireSSL" or "SSLRequire" applied even
- # under a "Satisfy any" situation, i.e. when it applies access is denied
- # and no other module can change it.
- # o OptRenegotiate:
- # This enables optimized SSL connection renegotiation handling when SSL
- # directives are used in per-directory context.
- #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
-
- SSLOptions +StdEnvVars
-
-
- SSLOptions +StdEnvVars
-
-
- # SSL Protocol Adjustments:
- # The safe and default but still SSL/TLS standard compliant shutdown
- # approach is that mod_ssl sends the close notify alert but doesn't wait for
- # the close notify alert from client. When you need a different shutdown
- # approach you can use one of the following variables:
- # o ssl-unclean-shutdown:
- # This forces an unclean shutdown when the connection is closed, i.e. no
- # SSL close notify alert is send or allowed to received. This violates
- # the SSL/TLS standard but is needed for some brain-dead browsers. Use
- # this when you receive I/O errors because of the standard approach where
- # mod_ssl sends the close notify alert.
- # o ssl-accurate-shutdown:
- # This forces an accurate shutdown when the connection is closed, i.e. a
- # SSL close notify alert is send and mod_ssl waits for the close notify
- # alert of the client. This is 100% SSL/TLS standard compliant, but in
- # practice often causes hanging connections with brain-dead browsers. Use
- # this only for browsers where you know that their SSL implementation
- # works correctly.
- # Notice: Most problems of broken clients are also related to the HTTP
- # keep-alive facility, so you usually additionally want to disable
- # keep-alive for those clients, too. Use variable "nokeepalive" for this.
- # Similarly, one has to force some clients to use HTTP/1.0 to workaround
- # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
- # "force-response-1.0" for this.
- BrowserMatch "MSIE [2-6]" \
- nokeepalive ssl-unclean-shutdown \
- downgrade-1.0 force-response-1.0
- # MSIE 7 and newer should be able to use keepalive
- BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
-
-
-
-# If you just change the port or add more ports here, you will likely also
-# have to change the VirtualHost statement in
-# /etc/apache2/sites-enabled/000-default
-# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
-# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
-# README.Debian.gz
-
-Listen 10.1.1.1:80
-
-
- # If you add NameVirtualHost *:443 here, you will also have to change
- # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
- # to
- # Server Name Indication for SSL named virtual hosts is currently not
- # supported by MSIE on Windows XP.
- Listen 10.1.1.1:443
-
-
-
- Listen 10.1.1.1:443
-
-
diff --git a/tools/vagrant/systemvm/scripts/etc/cloud-nic.rules b/tools/vagrant/systemvm/scripts/etc/cloud-nic.rules
deleted file mode 100755
index 56e74ec4e9d..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/cloud-nic.rules
+++ /dev/null
@@ -1,2 +0,0 @@
-SUBSYSTEM=="net" KERNEL=="eth*" RUN+="/opt/cloud/bin/cloud-nic.sh $env{ACTION} %k"
-
diff --git a/tools/vagrant/systemvm/scripts/etc/cron.daily/cloud-cleanup b/tools/vagrant/systemvm/scripts/etc/cron.daily/cloud-cleanup
deleted file mode 100755
index 9d254d3fbb4..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/cron.daily/cloud-cleanup
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/sh
-# /etc/cron.daily/cloud-cleanup: cleanup old cloudstack logs
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-cd /
-output=$(find /var/log/cloud -mtime +7 -size +1M -exec rm -v '{}' \; )
-logger -t cloud "cloud-cleanup cronjob: cleaning up logfiles in /var/log/cloud older than 7 days and more than 1M in size"
-
-[ "$output" != "" ] && logger -t cloud $output
-[ -z "$output" ] && logger -t cloud "No files removed"
-
-exit 0
diff --git a/tools/vagrant/systemvm/scripts/etc/default/cloud b/tools/vagrant/systemvm/scripts/etc/default/cloud
deleted file mode 100755
index 0b85c63f71e..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/default/cloud
+++ /dev/null
@@ -1,19 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-#set ENABLED to 1 if you want the init script to start the password server
-ENABLED=0
diff --git a/tools/vagrant/systemvm/scripts/etc/default/cloud-passwd-srvr b/tools/vagrant/systemvm/scripts/etc/default/cloud-passwd-srvr
deleted file mode 100755
index 0b85c63f71e..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/default/cloud-passwd-srvr
+++ /dev/null
@@ -1,19 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-#set ENABLED to 1 if you want the init script to start the password server
-ENABLED=0
diff --git a/tools/vagrant/systemvm/scripts/etc/dnsmasq.conf.tmpl b/tools/vagrant/systemvm/scripts/etc/dnsmasq.conf.tmpl
deleted file mode 100755
index 447e74827d6..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/dnsmasq.conf.tmpl
+++ /dev/null
@@ -1,638 +0,0 @@
-# Configuration file for dnsmasq.
-#
-# Format is one option per line, legal options are the same
-# as the long options legal on the command line. See
-# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
-
-# Listen on this specific port instead of the standard DNS port
-# (53). Setting this to zero completely disables DNS function,
-# leaving only DHCP and/or TFTP.
-#port=5353
-
-# The following two options make you a better netizen, since they
-# tell dnsmasq to filter out queries which the public DNS cannot
-# answer, and which load the servers (especially the root servers)
-# unnecessarily. If you have a dial-on-demand link they also stop
-# these requests from bringing up the link unnecessarily.
-
-# Never forward plain names (without a dot or domain part)
-domain-needed
-# Never forward addresses in the non-routed address spaces.
-bogus-priv
-
-
-# Uncomment this to filter useless windows-originated DNS requests
-# which can trigger dial-on-demand links needlessly.
-# Note that (amongst other things) this blocks all SRV requests,
-# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk.
-# This option only affects forwarding, SRV records originating for
-# dnsmasq (via srv-host= lines) are not suppressed by it.
-# filterwin2k
-
-# Change this line if you want dns to get its upstream servers from
-# somewhere other that /etc/resolv.conf
-resolv-file=/etc/dnsmasq-resolv.conf
-
-# By default, dnsmasq will send queries to any of the upstream
-# servers it knows about and tries to favour servers to are known
-# to be up. Uncommenting this forces dnsmasq to try each query
-# with each server strictly in the order they appear in
-# /etc/resolv.conf
-#strict-order
-
-# If you don't want dnsmasq to read /etc/resolv.conf or any other
-# file, getting its servers from this file instead (see below), then
-# uncomment this.
-#no-resolv
-
-# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
-# files for changes and re-read them then uncomment this.
-#no-poll
-
-# Add other name servers here, with domain specs if they are for
-# non-public domains.
-#server=/localnet/192.168.0.1
-
-# Example of routing PTR queries to nameservers: this will send all
-# address->name queries for 192.168.3/24 to nameserver 10.1.2.3
-#server=/3.168.192.in-addr.arpa/10.1.2.3
-
-# Add local-only domains here, queries in these domains are answered
-# from /etc/hosts or DHCP only.
-local=/2.vmops-test.vmops.com/
-
-# Add domains which you want to force to an IP address here.
-# The example below send any host in double-click.net to a local
-# web-server.
-#address=/double-click.net/127.0.0.1
-
-# --address (and --server) work with IPv6 addresses too.
-#address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83
-
-# You can control how dnsmasq talks to a server: this forces
-# queries to 10.1.2.3 to be routed via eth1
-# server=10.1.2.3@eth1
-
-# and this sets the source (ie local) address used to talk to
-# 10.1.2.3 to 192.168.1.1 port 55 (there must be a interface with that
-# IP on the machine, obviously).
-# server=10.1.2.3@192.168.1.1#55
-
-# If you want dnsmasq to change uid and gid to something other
-# than the default, edit the following lines.
-#user=
-#group=
-
-# If you want dnsmasq to listen for DHCP and DNS requests only on
-# specified interfaces (and the loopback) give the name of the
-# interface (eg eth0) here.
-# Repeat the line for more than one interface.
-interface=eth0
-# Or you can specify which interface _not_ to listen on
-except-interface=eth1
-except-interface=eth2
-except-interface=lo
-# Or which to listen on by address (remember to include 127.0.0.1 if
-# you use this.)
-#listen-address=
-# If you want dnsmasq to provide only DNS service on an interface,
-# configure it as shown above, and then use the following line to
-# disable DHCP and TFTP on it.
-no-dhcp-interface=eth1
-no-dhcp-interface=eth2
-
-# On systems which support it, dnsmasq binds the wildcard address,
-# even when it is listening on only some interfaces. It then discards
-# requests that it shouldn't reply to. This has the advantage of
-# working even when interfaces come and go and change address. If you
-# want dnsmasq to really bind only the interfaces it is listening on,
-# uncomment this option. About the only time you may need this is when
-# running another nameserver on the same machine.
-bind-interfaces
-
-# If you don't want dnsmasq to read /etc/hosts, uncomment the
-# following line.
-#no-hosts
-# or if you want it to read another file, as well as /etc/hosts, use
-# this.
-#addn-hosts=/etc/banner_add_hosts
-
-# Set this (and domain: see below) if you want to have a domain
-# automatically added to simple names in a hosts-file.
-expand-hosts
-
-# Set the domain for dnsmasq. this is optional, but if it is set, it
-# does the following things.
-# 1) Allows DHCP hosts to have fully qualified domain names, as long
-# as the domain part matches this setting.
-# 2) Sets the "domain" DHCP option thereby potentially setting the
-# domain of all systems configured by DHCP
-# 3) Provides the domain part for "expand-hosts"
-domain=2.vmops-test.vmops.com
-
-# Set a different domain for a particular subnet
-#domain=wireless.thekelleys.org.uk,192.168.2.0/24
-
-# Same idea, but range rather then subnet
-#domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200
-
-# Uncomment this to enable the integrated DHCP server, you need
-# to supply the range of addresses available for lease and optionally
-# a lease time. If you have more than one network, you will need to
-# repeat this for each network on which you want to supply DHCP
-# service.
-dhcp-range_ip4=10.1.1.1,static
-dhcp-range_ip6=::1,static
-dhcp-hostsfile=/etc/dhcphosts.txt
-
-# This is an example of a DHCP range where the netmask is given. This
-# is needed for networks we reach the dnsmasq DHCP server via a relay
-# agent. If you don't know what a DHCP relay agent is, you probably
-# don't need to worry about this.
-#dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
-
-# This is an example of a DHCP range which sets a tag, so that
-# some DHCP options may be set only for this network.
-#dhcp-range=set:red,192.168.0.50,192.168.0.150
-
-# Use this DHCP range only when the tag "green" is set.
-#dhcp-range=tag:green,192.168.0.50,192.168.0.150,12h
-
-# Specify a subnet which can't be used for dynamic address allocation,
-# is available for hosts with matching --dhcp-host lines. Note that
-# dhcp-host declarations will be ignored unless there is a dhcp-range
-# of some type for the subnet in question.
-# In this case the netmask is implied (it comes from the network
-# configuration on the machine running dnsmasq) it is possible to give
-# an explicit netmask instead.
-#dhcp-range=192.168.0.0,static
-
-# Enable DHCPv6. Note that the prefix-length does not need to be specified
-# and defaults to 64 if missing/
-#dhcp-range=1234::2, 1234::500, 64, 12h
-
-# Do Router Advertisements, BUT NOT DHCP for this subnet.
-#dhcp-range=1234::, ra-only
-
-# Do Router Advertisements, BUT NOT DHCP for this subnet, also try and
-# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack
-# hosts. Use the DHCPv4 lease to derive the name, network segment and
-# MAC address and assume that the host will also have an
-# IPv6 address calculated using the SLAAC alogrithm.
-#dhcp-range=1234::, ra-names
-
-# Do Router Advertisements, BUT NOT DHCP for this subnet.
-# Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.)
-#dhcp-range=1234::, ra-only, 48h
-
-# Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA
-# so that clients can use SLAAC addresses as well as DHCP ones.
-#dhcp-range=1234::2, 1234::500, slaac
-
-# Do Router Advertisements and stateless DHCP for this subnet. Clients will
-# not get addresses from DHCP, but they will get other configuration information.
-# They will use SLAAC for addresses.
-#dhcp-range=1234::, ra-stateless
-
-# Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses
-# from DHCPv4 leases.
-#dhcp-range=1234::, ra-stateless, ra-names
-
-# Do router advertisements for all subnets where we're doing DHCPv6
-# Unless overriden by ra-stateless, ra-names, et al, the router
-# advertisements will have the M and O bits set, so that the clients
-# get addresses and configuration from DHCPv6, and the A bit reset, so the
-# clients don't use SLAAC addresses.
-#enable-ra
-
-# Supply parameters for specified hosts using DHCP. There are lots
-# of valid alternatives, so we will give examples of each. Note that
-# IP addresses DO NOT have to be in the range given above, they just
-# need to be on the same network. The order of the parameters in these
-# do not matter, it's permissible to give name, address and MAC in any
-# order.
-
-# Always allocate the host with Ethernet address 11:22:33:44:55:66
-# The IP address 192.168.0.60
-#dhcp-host=11:22:33:44:55:66,192.168.0.60
-
-# Always set the name of the host with hardware address
-# 11:22:33:44:55:66 to be "fred"
-#dhcp-host=11:22:33:44:55:66,fred
-
-# Always give the host with Ethernet address 11:22:33:44:55:66
-# the name fred and IP address 192.168.0.60 and lease time 45 minutes
-#dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
-
-# Give a host with Ethernet address 11:22:33:44:55:66 or
-# 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume
-# that these two Ethernet interfaces will never be in use at the same
-# time, and give the IP address to the second, even if it is already
-# in use by the first. Useful for laptops with wired and wireless
-# addresses.
-#dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60
-
-# Give the machine which says its name is "bert" IP address
-# 192.168.0.70 and an infinite lease
-#dhcp-host=bert,192.168.0.70,infinite
-
-# Always give the host with client identifier 01:02:02:04
-# the IP address 192.168.0.60
-#dhcp-host=id:01:02:02:04,192.168.0.60
-
-# Always give the host with client identifier "marjorie"
-# the IP address 192.168.0.60
-#dhcp-host=id:marjorie,192.168.0.60
-
-# Enable the address given for "judge" in /etc/hosts
-# to be given to a machine presenting the name "judge" when
-# it asks for a DHCP lease.
-#dhcp-host=judge
-
-# Never offer DHCP service to a machine whose Ethernet
-# address is 11:22:33:44:55:66
-#dhcp-host=11:22:33:44:55:66,ignore
-
-# Ignore any client-id presented by the machine with Ethernet
-# address 11:22:33:44:55:66. This is useful to prevent a machine
-# being treated differently when running under different OS's or
-# between PXE boot and OS boot.
-#dhcp-host=11:22:33:44:55:66,id:*
-
-# Send extra options which are tagged as "red" to
-# the machine with Ethernet address 11:22:33:44:55:66
-#dhcp-host=11:22:33:44:55:66,set:red
-
-# Send extra options which are tagged as "red" to
-# any machine with Ethernet address starting 11:22:33:
-#dhcp-host=11:22:33:*:*:*,set:red
-
-# Give a fixed IPv6 address and name to client with
-# DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2
-# Note the MAC addresses CANNOT be used to identify DHCPv6 clients.
-# Note also the they [] around the IPv6 address are obilgatory.
-#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5]
-
-# Ignore any clients which are not specified in dhcp-host lines
-# or /etc/ethers. Equivalent to ISC "deny unknown-clients".
-# This relies on the special "known" tag which is set when
-# a host is matched.
-#
-# When using bridged networks in ACS this prevents ack to DHCPINFORM etc. request
-dhcp-ignore=tag:!known
-
-# Send extra options which are tagged as "red" to any machine whose
-# DHCP vendorclass string includes the substring "Linux"
-#dhcp-vendorclass=set:red,Linux
-
-# Send extra options which are tagged as "red" to any machine one
-# of whose DHCP userclass strings includes the substring "accounts"
-#dhcp-userclass=set:red,accounts
-
-# Send extra options which are tagged as "red" to any machine whose
-# MAC address matches the pattern.
-#dhcp-mac=set:red,00:60:8C:*:*:*
-
-# If this line is uncommented, dnsmasq will read /etc/ethers and act
-# on the ethernet-address/IP pairs found there just as if they had
-# been given as --dhcp-host options. Useful if you keep
-# MAC-address/host mappings there for other purposes.
-#read-ethers
-
-# Send options to hosts which ask for a DHCP lease.
-# See RFC 2132 for details of available options.
-# Common options can be given to dnsmasq by name:
-# run "dnsmasq --help dhcp" to get a list.
-# Note that all the common settings, such as netmask and
-# broadcast address, DNS server and default route, are given
-# sane defaults by dnsmasq. You very likely will not need
-# any dhcp-options. If you use Windows clients and Samba, there
-# are some options which are recommended, they are detailed at the
-# end of this section.
-
-# Override the default route supplied by dnsmasq, which assumes the
-# router is the same machine as the one running dnsmasq.
-#dhcp-option=3,1.2.3.4
-
-# Do the same thing, but using the option name
-#dhcp-option=option:router,1.2.3.4
-
-# Override the default route supplied by dnsmasq and send no default
-# route at all. Note that this only works for the options sent by
-# default (1, 3, 6, 12, 28) the same line will send a zero-length option
-# for all other option numbers.
-#dhcp-option=3
-
-# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
-#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
-
-# Send DHCPv6 option. Note [] around IPv6 addresses.
-#dhcp-option=option6:dns-server,[1234::77],[1234::88]
-
-# Send DHCPv6 option for namservers as the machine running
-# dnsmasq and another.
-#dhcp-option=option6:dns-server,[::],[1234::88]
-
-# Set the NTP time server address to be the same machine as
-# is running dnsmasq
-#dhcp-option=42,0.0.0.0
-
-# Set the NIS domain name to "welly"
-#dhcp-option=40,welly
-
-# Set the default time-to-live to 50
-#dhcp-option=23,50
-
-# Set the "all subnets are local" flag
-#dhcp-option=27,1
-
-# Set the domain
-dhcp-option=15,"2.vmops-test.vmops.com"
-
-# Send the etherboot magic flag and then etherboot options (a string).
-#dhcp-option=128,e4:45:74:68:00:00
-#dhcp-option=129,NIC=eepro100
-
-# Specify an option which will only be sent to the "red" network
-# (see dhcp-range for the declaration of the "red" network)
-# Note that the tag: part must precede the option: part.
-#dhcp-option = tag:red, option:ntp-server, 192.168.1.1
-
-# The following DHCP options set up dnsmasq in the same way as is specified
-# for the ISC dhcpcd in
-# http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt
-# adapted for a typical dnsmasq installation where the host running
-# dnsmasq is also the host running samba.
-# you may want to uncomment some or all of them if you use
-# Windows clients and Samba.
-#dhcp-option=19,0 # option ip-forwarding off
-#dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
-#dhcp-option=45,0.0.0.0 # netbios datagram distribution server
-#dhcp-option=46,8 # netbios node type
-
-# Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave.
-#dhcp-option=252,"\n"
-
-# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
-# probably doesn't support this......
-#dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com
-
-# Send RFC-3442 classless static routes (note the netmask encoding)
-#dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
-
-# Send vendor-class specific options encapsulated in DHCP option 43.
-# The meaning of the options is defined by the vendor-class so
-# options are sent only when the client supplied vendor class
-# matches the class given here. (A substring match is OK, so "MSFT"
-# matches "MSFT" and "MSFT 5.0"). This example sets the
-# mtftp address to 0.0.0.0 for PXEClients.
-#dhcp-option=vendor:PXEClient,1,0.0.0.0
-
-# Send microsoft-specific option to tell windows to release the DHCP lease
-# when it shuts down. Note the "i" flag, to tell dnsmasq to send the
-# value as a four-byte integer - that's what microsoft wants. See
-# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
-dhcp-option=vendor:MSFT,2,1i
-
-# Send the Encapsulated-vendor-class ID needed by some configurations of
-# Etherboot to allow is to recognise the DHCP server.
-#dhcp-option=vendor:Etherboot,60,"Etherboot"
-
-# Send options to PXELinux. Note that we need to send the options even
-# though they don't appear in the parameter request list, so we need
-# to use dhcp-option-force here.
-# See http://syslinux.zytor.com/pxe.php#special for details.
-# Magic number - needed before anything else is recognised
-#dhcp-option-force=208,f1:00:74:7e
-# Configuration file name
-#dhcp-option-force=209,configs/common
-# Path prefix
-#dhcp-option-force=210,/tftpboot/pxelinux/files/
-# Reboot time. (Note 'i' to send 32-bit value)
-#dhcp-option-force=211,30i
-
-# Set the boot filename for netboot/PXE. You will only need
-# this is you want to boot machines over the network and you will need
-# a TFTP server; either dnsmasq's built in TFTP server or an
-# external one. (See below for how to enable the TFTP server.)
-#dhcp-boot=pxelinux.0
-
-# The same as above, but use custom tftp-server instead machine running dnsmasq
-#dhcp-boot=pxelinux,server.name,192.168.1.100
-
-# Boot for Etherboot gPXE. The idea is to send two different
-# filenames, the first loads gPXE, and the second tells gPXE what to
-# load. The dhcp-match sets the gpxe tag for requests from gPXE.
-#dhcp-match=set:gpxe,175 # gPXE sends a 175 option.
-#dhcp-boot=tag:!gpxe,undionly.kpxe
-#dhcp-boot=mybootimage
-
-# Encapsulated options for Etherboot gPXE. All the options are
-# encapsulated within option 175
-#dhcp-option=encap:175, 1, 5b # priority code
-#dhcp-option=encap:175, 176, 1b # no-proxydhcp
-#dhcp-option=encap:175, 177, string # bus-id
-#dhcp-option=encap:175, 189, 1b # BIOS drive code
-#dhcp-option=encap:175, 190, user # iSCSI username
-#dhcp-option=encap:175, 191, pass # iSCSI password
-
-# Test for the architecture of a netboot client. PXE clients are
-# supposed to send their architecture as option 93. (See RFC 4578)
-#dhcp-match=peecees, option:client-arch, 0 #x86-32
-#dhcp-match=itanics, option:client-arch, 2 #IA64
-#dhcp-match=hammers, option:client-arch, 6 #x86-64
-#dhcp-match=mactels, option:client-arch, 7 #EFI x86-64
-
-# Do real PXE, rather than just booting a single file, this is an
-# alternative to dhcp-boot.
-#pxe-prompt="What system shall I netboot?"
-# or with timeout before first available action is taken:
-#pxe-prompt="Press F8 for menu.", 60
-
-# Available boot services. for PXE.
-#pxe-service=x86PC, "Boot from local disk"
-
-# Loads /pxelinux.0 from dnsmasq TFTP server.
-#pxe-service=x86PC, "Install Linux", pxelinux
-
-# Loads /pxelinux.0 from TFTP server at 1.2.3.4.
-# Beware this fails on old PXE ROMS.
-#pxe-service=x86PC, "Install Linux", pxelinux, 1.2.3.4
-
-# Use bootserver on network, found my multicast or broadcast.
-#pxe-service=x86PC, "Install windows from RIS server", 1
-
-# Use bootserver at a known IP address.
-#pxe-service=x86PC, "Install windows from RIS server", 1, 1.2.3.4
-
-# If you have multicast-FTP available,
-# information for that can be passed in a similar way using options 1
-# to 5. See page 19 of
-# http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf
-
-
-# Enable dnsmasq's built-in TFTP server
-#enable-tftp
-
-# Set the root directory for files available via FTP.
-#tftp-root=/var/ftpd
-
-# Make the TFTP server more secure: with this set, only files owned by
-# the user dnsmasq is running as will be send over the net.
-#tftp-secure
-
-# This option stops dnsmasq from negotiating a larger blocksize for TFTP
-# transfers. It will slow things down, but may rescue some broken TFTP
-# clients.
-#tftp-no-blocksize
-
-# Set the boot file name only when the "red" tag is set.
-#dhcp-boot=net:red,pxelinux.red-net
-
-# An example of dhcp-boot with an external TFTP server: the name and IP
-# address of the server are given after the filename.
-# Can fail with old PXE ROMS. Overridden by --pxe-service.
-#dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3
-
-# If there are multiple external tftp servers having a same name
-# (using /etc/hosts) then that name can be specified as the
-# tftp_servername (the third option to dhcp-boot) and in that
-# case dnsmasq resolves this name and returns the resultant IP
-# addresses in round robin fasion. This facility can be used to
-# load balance the tftp load among a set of servers.
-#dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name
-
-# Set the limit on DHCP leases, the default is 150
-dhcp-lease-max=2100
-
-# The DHCP server needs somewhere on disk to keep its lease database.
-# This defaults to a sane location, but if you want to change it, use
-# the line below.
-#dhcp-leasefile=/var/lib/misc/dnsmasq.leases
-leasefile-ro
-
-# Set the DHCP server to authoritative mode. In this mode it will barge in
-# and take over the lease for any client which broadcasts on the network,
-# whether it has a record of the lease or not. This avoids long timeouts
-# when a machine wakes up on a new network. DO NOT enable this if there's
-# the slightest chance that you might end up accidentally configuring a DHCP
-# server for your campus/company accidentally. The ISC server uses
-# the same option, and this URL provides more information:
-# http://www.isc.org/files/auth.html
-#dhcp-authoritative
-
-# Run an executable when a DHCP lease is created or destroyed.
-# The arguments sent to the script are "add" or "del",
-# then the MAC address, the IP address and finally the hostname
-# if there is one.
-#dhcp-script=/bin/echo
-
-# Set the cachesize here.
-#cache-size=150
-
-# If you want to disable negative caching, uncomment this.
-#no-negcache
-
-# Normally responses which come form /etc/hosts and the DHCP lease
-# file have Time-To-Live set as zero, which conventionally means
-# do not cache further. If you are happy to trade lower load on the
-# server for potentially stale date, you can set a time-to-live (in
-# seconds) here.
-#local-ttl=
-
-# If you want dnsmasq to detect attempts by Verisign to send queries
-# to unregistered .com and .net hosts to its sitefinder service and
-# have dnsmasq instead return the correct NXDOMAIN response, uncomment
-# this line. You can add similar lines to do the same for other
-# registries which have implemented wildcard A records.
-#bogus-nxdomain=64.94.110.11
-
-# If you want to fix up DNS results from upstream servers, use the
-# alias option. This only works for IPv4.
-# This alias makes a result of 1.2.3.4 appear as 5.6.7.8
-#alias=1.2.3.4,5.6.7.8
-# and this maps 1.2.3.x to 5.6.7.x
-#alias=1.2.3.0,5.6.7.0,255.255.255.0
-# and this maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40
-#alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
-
-# Change these lines if you want dnsmasq to serve MX records.
-
-# Return an MX record named "maildomain.com" with target
-# servermachine.com and preference 50
-#mx-host=maildomain.com,servermachine.com,50
-
-# Set the default target for MX records created using the localmx option.
-#mx-target=servermachine.com
-
-# Return an MX record pointing to the mx-target for all local
-# machines.
-#localmx
-
-# Return an MX record pointing to itself for all local machines.
-#selfmx
-
-# Change the following lines if you want dnsmasq to serve SRV
-# records. These are useful if you want to serve ldap requests for
-# Active Directory and other windows-originated DNS requests.
-# See RFC 2782.
-# You may add multiple srv-host lines.
-# The fields are ,,,,
-# If the domain part if missing from the name (so that is just has the
-# service and protocol sections) then the domain given by the domain=
-# config option is used. (Note that expand-hosts does not need to be
-# set for this to work.)
-
-# A SRV record sending LDAP for the example.com domain to
-# ldapserver.example.com port 389
-#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
-
-# A SRV record sending LDAP for the example.com domain to
-# ldapserver.example.com port 389 (using domain=)
-#domain=example.com
-#srv-host=_ldap._tcp,ldapserver.example.com,389
-
-# Two SRV records for LDAP, each with different priorities
-#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
-#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
-
-# A SRV record indicating that there is no LDAP server for the domain
-# example.com
-#srv-host=_ldap._tcp.example.com
-
-# The following line shows how to make dnsmasq serve an arbitrary PTR
-# record. This is useful for DNS-SD. (Note that the
-# domain-name expansion done for SRV records _does_not
-# occur for PTR records.)
-#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
-
-# Change the following lines to enable dnsmasq to serve TXT records.
-# These are used for things like SPF and zeroconf. (Note that the
-# domain-name expansion done for SRV records _does_not
-# occur for TXT records.)
-
-#Example SPF.
-#txt-record=example.com,"v=spf1 a -all"
-
-#Example zeroconf
-#txt-record=_http._tcp.example.com,name=value,paper=A4
-
-# Provide an alias for a "local" DNS name. Note that this _only_ works
-# for targets which are names from DHCP or /etc/hosts. Give host
-# "bert" another name, bertrand
-#cname=bertand,bert
-
-# For debugging purposes, log each DNS query as it passes through
-# dnsmasq.
-#log-queries
-
-# Log lots of extra information about DHCP transactions.
-#log-dhcp
-
-log-facility=/var/log/dnsmasq.log
-
-# Include a another lot of configuration options.
-#conf-file=/etc/dnsmasq.more.conf
-conf-dir=/etc/dnsmasq.d
-
-dhcp-optsfile=/etc/dhcpopts.txt
diff --git a/tools/vagrant/systemvm/scripts/etc/haproxy/haproxy.cfg b/tools/vagrant/systemvm/scripts/etc/haproxy/haproxy.cfg
deleted file mode 100755
index 94737ac328e..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/haproxy/haproxy.cfg
+++ /dev/null
@@ -1,26 +0,0 @@
-global
- log 127.0.0.1:3914 local0 info
- chroot /var/lib/haproxy
- user haproxy
- group haproxy
- daemon
-
-defaults
- log global
- mode tcp
- option dontlognull
- retries 3
- option redispatch
- option forwardfor
- stats enable
- stats uri /admin?stats
- stats realm Haproxy\ Statistics
- stats auth admin1:AdMiN123
- option forceclose
- timeout connect 5000
- timeout client 50000
- timeout server 50000
-
-
-listen cloud-default 0.0.0.0:35999
- option transparent
diff --git a/tools/vagrant/systemvm/scripts/etc/init.d/cloud b/tools/vagrant/systemvm/scripts/etc/init.d/cloud
deleted file mode 100755
index f9a9915223e..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/init.d/cloud
+++ /dev/null
@@ -1,157 +0,0 @@
-#!/bin/bash
-### BEGIN INIT INFO
-# Provides: cloud
-# Required-Start: mountkernfs $local_fs cloud-early-config
-# Required-Stop: $local_fs
-# Should-Start:
-# Should-Stop:
-# Default-Start:
-# Default-Stop: 0 1 6
-# Short-Description: Start up the CloudStack cloud service
-### END INIT INFO
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-#set -x
-
-ENABLED=0
-[ -e /etc/default/cloud ] && . /etc/default/cloud
-
-CMDLINE=$(cat /var/cache/cloud/cmdline)
-
-if [ ! -z $CLOUD_DEBUG ];then
- LOG_FILE=/var/log/cloud/cloud.out
-else
- LOG_FILE=/dev/null
-fi
-
-TYPE="router"
-for i in $CMDLINE
- do
- # search for foo=bar pattern and cut out foo
- FIRSTPATTERN=$(echo $i | cut -d= -f1)
- case $FIRSTPATTERN in
- type)
- TYPE=$(echo $i | cut -d= -f2)
- ;;
- esac
-done
-
-# Source function library.
-if [ -f /etc/init.d/functions ]
-then
- . /etc/init.d/functions
-fi
-
-if [ -f ./lib/lsb/init-functions ]
-then
- . /lib/lsb/init-functions
-fi
-
-_success() {
- if [ -f /etc/init.d/functions ]
- then
- success
- else
- echo "Success"
- fi
-}
-
-_failure() {
- if [ -f /etc/init.d/functions ]
- then
- failure
- else
- echo "Failed"
- fi
-}
-RETVAL=$?
-CLOUDSTACK_HOME="/usr/local/cloud"
-if [ -f $CLOUDSTACK_HOME/systemvm/utils.sh ];
-then
- . $CLOUDSTACK_HOME/systemvm/utils.sh
-else
- _failure
-fi
-
-# mkdir -p /var/log/vmops
-
-start() {
- local pid=$(get_pids)
- if [ "$pid" != "" ]; then
- echo "CloudStack cloud sevice is already running, PID = $pid"
- return 0
- fi
-
- echo -n "Starting CloudStack cloud service (type=$TYPE) "
- if [ -f $CLOUDSTACK_HOME/systemvm/run.sh ];
- then
- if [ "$pid" == "" ]
- then
- (cd $CLOUDSTACK_HOME/systemvm; nohup ./run.sh > $LOG_FILE 2>&1 & )
- pid=$(get_pids)
- echo $pid > /var/run/cloud.pid
- fi
- _success
- else
- _failure
- fi
- echo
- echo 'start' > $CLOUDSTACK_HOME/systemvm/user_request
-}
-
-stop() {
- local pid
- echo -n "Stopping CloudStack cloud service (type=$TYPE): "
- for pid in $(get_pids)
- do
- kill $pid
- done
- _success
- echo
- echo 'stop' > $CLOUDSTACK_HOME/systemvm/user_request
-}
-
-status() {
- local pids=$(get_pids)
- if [ "$pids" == "" ]
- then
- echo "CloudStack cloud service is not running"
- return 1
- fi
- echo "CloudStack cloud service (type=$TYPE) is running: process id: $pids"
- return 0
-}
-
-[ "$ENABLED" != 0 ] || exit 0
-
-case "$1" in
- start) start
- ;;
- stop) stop
- ;;
- status) status
- ;;
- restart) stop
- start
- ;;
- *) echo "Usage: $0 {start|stop|status|restart}"
- exit 1
- ;;
-esac
-
-exit $RETVAL
diff --git a/tools/vagrant/systemvm/scripts/etc/init.d/cloud-early-config b/tools/vagrant/systemvm/scripts/etc/init.d/cloud-early-config
deleted file mode 100755
index f36d8cbaf06..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/init.d/cloud-early-config
+++ /dev/null
@@ -1,1500 +0,0 @@
-#!/bin/bash
-### BEGIN INIT INFO
-# Provides: cloud-early-config
-# Required-Start: mountkernfs $local_fs
-# Required-Stop: $local_fs
-# Should-Start:
-# Should-Stop:
-# Default-Start: S
-# Default-Stop: 0 6
-# Short-Description: configure according to cmdline
-### END INIT INFO
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
-#set -x
-#exec 3>&0 4>&1 > /var/log/test.log 2>&1
-#start hv_kvp daemon
-[ -f /usr/sbin/hv_kvp_daemon ] && /usr/sbin/hv_kvp_daemon
-
-# Fix haproxy directory issue
-mkdir -p /var/lib/haproxy
-
-# Clear boot up flag, it would be created by rc.local after boot up done
-rm -f /var/cache/cloud/boot_up_done
-
-[ -x /sbin/ifup ] || exit 0
-
-. /lib/lsb/init-functions
-
-log_it() {
- echo "$(date) $@" >> /var/log/cloud.log
- log_action_msg "$@"
-}
-
-init_interfaces_orderby_macs() {
- macs=( $(echo $1 | sed "s/|/ /g") )
- total_nics=${#macs[@]}
- interface_file=${2:-"/etc/network/interfaces"}
- rule_file=${3:-"/etc/udev/rules.d/70-persistent-net.rules"}
-
- echo -n "auto lo" > $interface_file
- for((i=0; i> $interface_file
- fi
- done
- cat >> $interface_file << EOF
-
-iface lo inet loopback
-
-EOF
-
- echo "" > $rule_file
- for((i=0; i < ${#macs[@]}; i++))
- do
- echo "SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", ATTR{address}==\"${macs[$i]}\", NAME=\"eth$i\"" >> $rule_file
- done
-}
-
-init_interfaces() {
- if [ "$NIC_MACS" == "" ]
- then
- cat > /etc/network/interfaces << EOF
-auto lo $1 $2 $3
-iface lo inet loopback
-
-EOF
- else
- init_interfaces_orderby_macs "$NIC_MACS"
- fi
-}
-
-hypervisor() {
- [ -d /proc/xen ] && mount -t xenfs none /proc/xen
- [ -d /proc/xen ] && echo "xen-domU" && return 0
-
- local try=$([ -x /usr/sbin/virt-what ] && virt-what | tail -1)
- [ "$try" != "" ] && echo $try && return 0
-
- vmware-checkvm &> /dev/null && echo "vmware" && return 0
-
- grep -q QEMU /proc/cpuinfo && echo "kvm" && return 0
- grep -q QEMU /var/log/messages && echo "kvm" && return 0
-
- echo "unknown" && return 1
-
-}
-
-get_boot_params() {
- local EXTRA_MOUNT=/media/extra
- local hyp=$(hypervisor)
- [ $? -ne 0 ] && log_it "Failed to detect hypervisor type, bailing out of early init" && exit 10
-
- case $hyp in
- xen-domU|xen-hvm)
- cat /proc/cmdline > /var/cache/cloud/cmdline
- sed -i "s/%/ /g" /var/cache/cloud/cmdline
- ;;
- kvm)
- if [ ! -e /dev/vport0p1 ]; then
- log_it "/dev/vport0p1 not loaded, perhaps guest kernel is too old." && exit 2
- fi
- while read line; do
- if [[ $line == cmdline:* ]]; then
- cmd=${line//cmdline:/}
- echo $cmd > /var/cache/cloud/cmdline
- elif [[ $line == pubkey:* ]]; then
- pubkey=${line//pubkey:/}
- echo $pubkey > /var/cache/cloud/authorized_keys
- echo $pubkey > /root/.ssh/authorized_keys
- fi
- done < /dev/vport0p1
- chmod go-rwx /root/.ssh/authorized_keys
- ;;
- vmware)
- vmtoolsd --cmd 'machine.id.get' > /var/cache/cloud/cmdline
- ;;
- virtualpc|hyperv)
- # Hyper-V is recognized as virtualpc hypervisor type. Boot args are passed using KVP Daemon
- #waiting for the hv_kvp_daemon to start up
- #sleep need to fix the race condition of hv_kvp_daemon and cloud-early-config
- sleep 5
- cp -f /var/opt/hyperv/.kvp_pool_0 /var/cache/cloud/cmdline
- cat /dev/null > /var/opt/hyperv/.kvp_pool_0
- ;;
- virtualbox)
- # Virtualbox is used to test the virtual router
- # get the commandline from a dmistring (yes, hacky!)
- dmidecode | grep cmdline | sed 's/^.*cmdline://' > /var/cache/cloud/cmdline
- RV=$?
- if [ $RV -ne 0 ] ; then
- log_it "Failed to get cmdline from a virtualbox dmi property"
- fi
- ;;
- esac
-
-}
-
-patch() {
- local PATCH_MOUNT=/media/cdrom
- local patchfile=$PATCH_MOUNT/cloud-scripts.tgz
- local md5file=/var/cache/cloud/cloud-scripts-signature
- local privkey=$PATCH_MOUNT/authorized_keys
- local shouldpatch=false
- local cdrom_dev=
- mkdir -p $PATCH_MOUNT
-
-
- if [ -e /dev/xvdd ]; then
- cdrom_dev=/dev/xvdd
- elif [ -e /dev/cdrom ]; then
- cdrom_dev=/dev/cdrom
- elif [ -e /dev/cdrom1 ]; then
- cdrom_dev=/dev/cdrom1
- elif [ -e /dev/cdrom2 ]; then
- cdrom_dev=/dev/cdrom2
- elif [ -e /dev/cdrom3 ]; then
- cdrom_dev=/dev/cdrom3
- fi
- [ -f /var/cache/cloud/authorized_keys ] && privkey=/var/cache/cloud/authorized_keys
-
- if [ -n "$cdrom_dev" ]; then
- mount -o ro $cdrom_dev $PATCH_MOUNT
- [ -f $privkey ] && cp -f $privkey /root/.ssh/ && chmod go-rwx /root/.ssh/authorized_keys
- local oldmd5=
- [ -f ${md5file} ] && oldmd5=$(cat ${md5file})
- local newmd5=
- [ -f ${patchfile} ] && newmd5=$(md5sum ${patchfile} | awk '{print $1}')
-
- if [ "$oldmd5" != "$newmd5" ] && [ -f ${patchfile} ] && [ "$newmd5" != "" ]
- then
- shouldpatch=true
- log_it "Patching scripts oldmd5=$oldmd5 newmd5=$newmd5"
- tar xzf $patchfile -C /
- echo ${newmd5} > ${md5file}
- fi
- log_it "Patching cloud service"
- hyperVisor=$(hypervisor)
- /opt/cloud/bin/patchsystemvm.sh $PATCH_MOUNT $hyperVisor
- umount $PATCH_MOUNT
-
- if [ "$shouldpatch" == "true" ]
- then
- log_it "Rebooting system since we patched init scripts"
- sync
- sleep 2
- reboot
- fi
- fi
- if [ -f /mnt/cmdline ]; then
- cat /mnt/cmdline > /var/cache/cloud/cmdline
- fi
- return 0
-}
-
-patch_log4j() {
-log_it "Updating log4j-cloud.xml"
-mkdir -p /usr/local/cloud/systemvm/conf
-cat << "EOF" > /usr/local/cloud/systemvm/conf/temp.xml
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-EOF
-mv /usr/local/cloud/systemvm/conf/temp.xml /usr/local/cloud/systemvm/conf/log4j-cloud.xml
-}
-setup_interface() {
- local intfnum=$1
- local ip=$2
- local mask=$3
- local gw=$4
- local force=$5
- local intf=eth${intfnum}
- local bootproto="static"
-
-
- if [ "$BOOTPROTO" == "dhcp" ]
- then
- if [ "$intfnum" != "0" ]
- then
- bootproto="dhcp"
- fi
- fi
-
- if [ "$ip" != "0.0.0.0" -a "$ip" != "" -o "$force" == "force" ]
- then
- echo "iface $intf inet $bootproto" >> /etc/network/interfaces
- if [ "$bootproto" == "static" ]
- then
- echo " address $ip " >> /etc/network/interfaces
- echo " netmask $mask" >> /etc/network/interfaces
- fi
- fi
-
- if [ "$ip" == "0.0.0.0" -o "$ip" == "" ]
- then
- ifconfig $intf down
- fi
-
- if [ "$force" == "force" ]
- then
- ifdown $intf
- else
- ifdown $intf
- if [ "$RROUTER" != "1" -o "$1" != "2" ]
- then
- ifup $intf
- timer=0
- log_it "checking that $intf has IP "
- while true
- do
- ip=$(ifconfig $intf | grep "inet addr:" | awk '{print $2}' | awk -F: '{print $2}')
- if [ -z $ip ]
- then
- sleep 1;
- #waiting for the interface to setup with ip
- log_it "waiting for $intf interface setup with ip timer=$timer"
- else
- break
- fi
-
- if [ $timer -gt 15 ]
- then
- log_it "interface $intf is not set up with ip... exiting";
- break
- fi
-
- timer=`expr $timer + 1`
- done
- fi
- fi
-}
-
-setup_interface_ipv6() {
- sysctl net.ipv6.conf.all.disable_ipv6=0
- sysctl net.ipv6.conf.all.forwarding=1
- sysctl net.ipv6.conf.all.accept_ra=1
-
- local intfnum=$1
- local ipv6="$2"
- local prelen="$3"
- local intf=eth${intfnum}
-
- echo "iface $intf inet6 static" >> /etc/network/interfaces
- echo " address $ipv6 " >> /etc/network/interfaces
- echo " netmask $prelen" >> /etc/network/interfaces
- echo " accept_ra 1" >> /etc/network/interfaces
- ifdown $intf
- ifup $intf
-}
-
-enable_fwding() {
- local enabled=$1
- log_it "cloud: enable_fwding = $1"
- log_it "enable_fwding = $1"
- echo "$1" > /proc/sys/net/ipv4/ip_forward
- [ -f /etc/iptables/iptables.conf ] && sed -i "s/ENABLE_ROUTING=.*$/ENABLE_ROUTING=$enabled/" /etc/iptables/iptables.conf && return
-}
-
-disable_rpfilter() {
- log_it "cloud: disable rp_filter"
- log_it "disable rpfilter"
- sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf
-}
-
-get_public_vif_list() {
- local vif_list=""
- for i in /sys/class/net/eth*; do
- vif=$(basename $i);
- if [ "$vif" != "eth0" ] && [ "$vif" != "eth1" ]
- then
- vif_list="$vif_list $vif";
- fi
- done
-
- echo $vif_list
-}
-
-disable_rpfilter_domR() {
- log_it "cloud: Tuning rp_filter on public interfaces"
-
- VIF_LIST=$(get_public_vif_list)
- log_it "rpfilter public interfaces : $VIF_LIST"
- if [ "$DISABLE_RP_FILTER" == "true" ]
- then
- log_it "cloud: disable rp_filter on public interfaces"
- sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf
- echo "0" > /proc/sys/net/ipv4/conf/default/rp_filter
- for vif in $VIF_LIST; do
- log_it "cloud: disable rp_filter on public interface: $vif"
- sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 0/" /etc/sysctl.conf
- echo "0" > /proc/sys/net/ipv4/conf/$vif/rp_filter
- done
- else
- log_it "cloud: enable rp_filter on public interfaces"
- sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 1/" /etc/sysctl.conf
- echo "1" > /proc/sys/net/ipv4/conf/default/rp_filter
- for vif in $VIF_LIST; do
- log_it "cloud: enable rp_filter on public interface: $vif"
- sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 1/" /etc/sysctl.conf
- echo "1" > /proc/sys/net/ipv4/conf/$vif/rp_filter
- done
- fi
- log_it "cloud: Enabling rp_filter on Non-public interfaces(eth0,eth1,lo)"
- echo "1" > /proc/sys/net/ipv4/conf/eth0/rp_filter
- echo "1" > /proc/sys/net/ipv4/conf/eth1/rp_filter
- echo "1" > /proc/sys/net/ipv4/conf/lo/rp_filter
-}
-
-enable_svc() {
- local svc=$1
- local enabled=$2
-
- log_it "Enable service ${svc} = $enabled"
- local cfg=/etc/default/${svc}
- [ -f $cfg ] && sed -i "s/ENABLED=.*$/ENABLED=$enabled/" $cfg && return
-}
-
-
-enable_irqbalance() {
- local enabled=$1
- local proc=0
-
- proc=$(cat /proc/cpuinfo | grep "processor" | wc -l)
- if [ $proc -le 1 ] && [ $enabled -eq 1 ]
- then
- enabled=0
- fi
-
- log_it "Processors = $proc Enable service ${svc} = $enabled"
- local cfg=/etc/default/irqbalance
- [ -f $cfg ] && sed -i "s/ENABLED=.*$/ENABLED=$enabled/" $cfg && return
-}
-
-disable_hvc() {
- [ ! -d /proc/xen ] && sed -i 's/^vc/#vc/' /etc/inittab && telinit q
- [ -d /proc/xen ] && sed -i 's/^#vc/vc/' /etc/inittab && telinit q
-}
-
-enable_vpc_rpsrfs() {
- local enable=$1
- if [ $enable -eq 0 ]
- then
- echo 0 > /etc/rpsrfsenable
- else
- echo 1 > /etc/rpsrfsenable
- fi
-
- return 0
-}
-
-enable_rpsrfs() {
- local enable=$1
-
- if [ $enable -eq 0 ]
- then
- echo 0 > /etc/rpsrfsenable
- return 0
- fi
-
- if [ ! -f /sys/class/net/eth0/queues/rx-0/rps_cpus ]
- then
- echo "rps is not enabled in the kernel"
- echo 0 > /etc/rpsrfsenable
- return 0
- fi
-
- proc=$(cat /proc/cpuinfo | grep "processor" | wc -l)
- if [ $proc -le 1 ]
- then
- echo 0 > /etc/rpsrfsenable
- return 0;
- fi
-
- echo 1 > /etc/rpsrfsenable
- num=1
- num=$(($num<<$proc))
- num=$(($num-1));
- echo $num;
- hex=$(printf "%x\n" $num)
- echo $hex;
- #enable rps
- echo $hex > /sys/class/net/eth0/queues/rx-0/rps_cpus
- echo $hex > /sys/class/net/eth2/queues/rx-0/rps_cpus
-
- #enble rfs
- echo 256 > /proc/sys/net/core/rps_sock_flow_entries
- echo 256 > /sys/class/net/eth0/queues/rx-0/rps_flow_cnt
- echo 256 > /sys/class/net/eth2/queues/rx-0/rps_flow_cnt
-}
-
-setup_common() {
- init_interfaces $1 $2 $3
- if [ -n "$ETH0_IP" ]
- then
- setup_interface "0" $ETH0_IP $ETH0_MASK $GW
- fi
- if [ -n "$ETH0_IP6" ]
- then
- setup_interface_ipv6 "0" $ETH0_IP6 $ETH0_IP6_PRELEN
- fi
- setup_interface "1" $ETH1_IP $ETH1_MASK $GW
- if [ -n "$ETH2_IP" ]
- then
- setup_interface "2" $ETH2_IP $ETH2_MASK $GW
- fi
-
- echo $NAME > /etc/hostname
- echo 'AVAHI_DAEMON_DETECT_LOCAL=0' > /etc/default/avahi-daemon
- hostname $NAME
-
- #Nameserver
- sed -i -e "/^nameserver.*$/d" /etc/resolv.conf # remove previous entries
- sed -i -e "/^nameserver.*$/d" /etc/dnsmasq-resolv.conf # remove previous entries
- if [ -n "$internalNS1" ]
- then
- echo "nameserver $internalNS1" > /etc/dnsmasq-resolv.conf
- echo "nameserver $internalNS1" > /etc/resolv.conf
- fi
-
- if [ -n "$internalNS2" ]
- then
- echo "nameserver $internalNS2" >> /etc/dnsmasq-resolv.conf
- echo "nameserver $internalNS2" >> /etc/resolv.conf
- fi
- if [ -n "$NS1" ]
- then
- echo "nameserver $NS1" >> /etc/dnsmasq-resolv.conf
- echo "nameserver $NS1" >> /etc/resolv.conf
- fi
-
- if [ -n "$NS2" ]
- then
- echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf
- echo "nameserver $NS2" >> /etc/resolv.conf
- fi
-
- if [ -n "$IP6_NS1" ]
- then
- echo "nameserver $IP6_NS1" >> /etc/dnsmasq-resolv.conf
- echo "nameserver $IP6_NS1" >> /etc/resolv.conf
- fi
- if [ -n "$IP6_NS2" ]
- then
- echo "nameserver $IP6_NS2" >> /etc/dnsmasq-resolv.conf
- echo "nameserver $IP6_NS2" >> /etc/resolv.conf
- fi
-
- if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ]
- then
- ip route add $MGMTNET via $LOCAL_GW dev eth1
- fi
-
- ip route delete default
- if [ "$RROUTER" != "1" ]
- then
- gwdev=$3
- if [ -z "$gwdev" ]
- then
- gwdev="eth0"
- fi
-
- ip route add default via $GW dev $gwdev
-
- fi
-
- # a hacking way to activate vSwitch under VMware
- ping -n -c 3 $GW &
- sleep 3
- pkill ping
- if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ]
- then
- ping -n -c 3 $LOCAL_GW &
- sleep 3
- pkill ping
- #This code is added to address ARP issue by pinging MGMT_GW
- MGMT_GW=$(echo $MGMTNET | awk -F "." '{print $1"."$2"."$3".1"}')
- ping -n -c 3 $MGMT_GW &
- sleep 3
- pkill ping
-
- fi
-
- local hyp=$(hypervisor)
- if [ "$hyp" == "vmware" ]; then
- ntpq -p &> /dev/null || vmware-toolbox-cmd timesync enable
- fi
-}
-
-setup_dnsmasq() {
- log_it "Setting up dnsmasq"
-
- touch /etc/dhcpopts.txt
-
- [ -z $DHCP_RANGE ] && [ $ETH0_IP ] && DHCP_RANGE=$ETH0_IP
- [ $ETH0_IP6 ] && DHCP_RANGE_IP6=$ETH0_IP6
- [ -z $DOMAIN ] && DOMAIN="cloudnine.internal"
- #removing the dnsmasq multiple ranges config file.
- rm /etc/dnsmasq.d/multiple_ranges.conf
-
- #get the template
- cp /etc/dnsmasq.conf.tmpl /etc/dnsmasq.conf
-
- if [ -n "$DOMAIN" ]
- then
- #send domain name to dhcp clients
- sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\"$DOMAIN\"/ /etc/dnsmasq.conf
- #DNS server will append $DOMAIN to local queries
- sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf
- #answer all local domain queries
- sed -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf
- fi
-
- if [ -n "$DNS_SEARCH_ORDER" ]
- then
- sed -i -e "/^[#]*dhcp-option.*=119.*$/d" /etc/dnsmasq.conf
- echo "dhcp-option-force=119,$DNS_SEARCH_ORDER" >> /etc/dnsmasq.conf
- # set the domain search order as a space seprated list for option 15
- DNS_SEARCH_ORDER=$(echo $DNS_SEARCH_ORDER | sed 's/,/ /g')
- #send domain name to dhcp clients
- sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\""$DNS_SEARCH_ORDER"\"/ /etc/dnsmasq.conf
- fi
-
- if [ $DHCP_RANGE ]
- then
- sed -i -e "s/^dhcp-range_ip4=.*$/dhcp-range=$DHCP_RANGE,static/" /etc/dnsmasq.conf
- else
- sed -i -e "s/^dhcp-range_ip4=.*$//" /etc/dnsmasq.conf
- fi
- if [ $DHCP_RANGE_IP6 ]
- then
- sed -i -e "s/^dhcp-range_ip6=.*$/dhcp-range=$DHCP_RANGE_IP6,static/" /etc/dnsmasq.conf
- # For nondefault6 tagged host, don't send dns-server information
- sed -i /nondefault6/d /etc/dnsmasq.conf
- echo "dhcp-option=nondefault6,option6:dns-server" >> /etc/dnsmasq.conf
- else
- sed -i -e "s/^dhcp-range_ip6=.*$//" /etc/dnsmasq.conf
- fi
-
- sed -i -e "s/^[#]*listen-address=.*$/listen-address=$LOCAL_ADDRS/" /etc/dnsmasq.conf
-
- if [ "$RROUTER" == "1" ]
- then
- DEFAULT_GW=$GUEST_GW
- INTERNAL_DNS=$GUEST_GW
- else
- if [ "$TYPE" == "dhcpsrvr" ]
- then
- DEFAULT_GW=$GW
- else
- DEFAULT_GW=$ETH0_IP
- fi
- INTERNAL_DNS=$ETH0_IP
- fi
- sed -i -e "/^[#]*dhcp-option=option:router.*$/d" /etc/dnsmasq.conf
- [ $DEFAULT_GW ] && echo "dhcp-option=option:router,$DEFAULT_GW" >> /etc/dnsmasq.conf
-
- [ $ETH0_IP ] && [ $NS1 ] && NS="$NS1,"
- [ $ETH0_IP ] && [ $NS2 ] && NS="$NS$NS2,"
- [ $ETH0_IP6 ] && [ $IP6_NS1 ] && NS6="[$IP6_NS1],"
- [ $ETH0_IP6 ] && [ $IP6_NS2 ] && NS6="$NS6[$IP6_NS2],"
- #for now set up ourself as the dns server as well
- sed -i -e "/^[#]*dhcp-option=6,.*$/d" /etc/dnsmasq.conf
- sed -i -e "/^[#]*dhcp-option=option6:dns-server,.*$/d" /etc/dnsmasq.conf
- if [ "$USE_EXTERNAL_DNS" != "true" ]
- then
- [ $ETH0_IP ] && NS="$INTERNAL_DNS,$NS"
- [ $ETH0_IP6 ] && NS6="[::],$NS6"
- # enable dns
- sed -i -e "/^[#]*port=.*$/d" /etc/dnsmasq.conf
- else
- # disable dns
- sed -i -e "/^[#]*port=.*$/d" /etc/dnsmasq.conf
- echo "port=0" >> /etc/dnsmasq.conf
- fi
- NS=${NS%?}
- NS6=${NS6%?}
- [ $ETH0_IP ] && echo "dhcp-option=6,$NS" >> /etc/dnsmasq.conf
- [ $ETH0_IP6 ] && echo "dhcp-option=option6:dns-server,$NS6" >> /etc/dnsmasq.conf
-#adding the name data-server to the /etc/hosts for allowing the access to user-data service and ssh-key reset in every subnet.
-#removing the existing entires to avoid duplicates on restarts.
- sed -i '/data-server/d' /etc/hosts
- if [ -n "$ETH0_IP" ]
- then
- echo "$ETH0_IP data-server" >> /etc/hosts
- fi
- if [ -n "$ETH0_IP6" ]
- then
- echo "$ETH0_IP6 data-server" >> /etc/hosts
- fi
-#add the dhcp-client-update only if dnsmasq version is 2.6 and above
- dnsmasqVersion=$(dnsmasq -v | grep version -m 1 | grep -o "[[:digit:]]\.[[:digit:]]")
- major=$(echo "$dnsmasqVersion" | cut -d '.' -f 1)
- minor=$(echo "$dnsmasqVersion" | cut -d '.' -f 2)
- if [ "$major" -eq '2' -a "$minor" -ge '6' ] || [ "$major" -gt '2' ]
- then
- sed -i -e "/^dhcp-client-update/d" /etc/dnsmasq.conf
- echo 'dhcp-client-update' >> /etc/dnsmasq.conf
- fi
-
- command -v dhcp_release > /dev/null 2>&1
- no_dhcp_release=$?
- if [ $no_dhcp_release -eq 0 -a -z "$ETH0_IP6" ]
- then
- echo 1 > /var/cache/cloud/dnsmasq_managed_lease
- sed -i -e "/^leasefile-ro/d" /etc/dnsmasq.conf
- else
- echo 0 > /var/cache/cloud/dnsmasq_managed_lease
- fi
-}
-
-setup_sshd(){
- local ip=$1
- local eth=$2
- [ -f /etc/ssh/sshd_config ] && sed -i -e "s/^[#]*ListenAddress.*$/ListenAddress $ip/" /etc/ssh/sshd_config
- sed -i "/3922/s/eth./$eth/" /etc/iptables/rules.v4
- sed -i "/3922/s/eth./$eth/" /etc/iptables/rules
-}
-
-
-setup_vpc_apache2() {
- log_it "Setting up apache web server for VPC"
- chkconfig apache2 off
- rm -f /etc/apache2/conf.d/vhost*.conf
- [ -f /etc/apache2/sites-available/default ] && echo "" >/etc/apache2/sites-available/default
- [ -f /etc/apache2/sites-available/default-ssl ] && echo "">/etc/apache2/sites-available/default-ssl
- [ -f /etc/apache2/ports.conf ] && echo "">/etc/apache2/ports.conf
- [ -f /etc/apache2/ports.conf ] && echo "">/etc/apache2/ports.conf
- [ -f /etc/apache2/ports.conf ] && echo "">/etc/apache2/ports.conf
- [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerTokens .*/ServerTokens Prod/g" /etc/apache2/conf.d/security
- [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerSignature .*/ServerSignature Off/g" /etc/apache2/conf.d/security
-
- # Disable listing of http://SSVM-IP/icons folder for security issue. see article http://www.i-lateral.com/tutorials/disabling-the-icons-folder-on-an-ubuntu-web-server/
- [ -f /etc/apache2/mods-available/alias.conf ] && sed -i s/"Options Indexes MultiViews"/"Options -Indexes MultiViews"/ /etc/apache2/mods-available/alias.conf
-
- echo "Options -Indexes" > /var/www/html/.htaccess
-}
-
-
-clean_ipalias_config() {
-rm -f /etc/apache2/conf.d/ports.*.meta-data.conf
-rm -f /etc/apache2/sites-available/ipAlias*
-rm -f /etc/apache2/sites-enabled/ipAlias*
-rm -rf /etc/failure_config
-}
-
-setup_apache2() {
- clean_ipalias_config
- log_it "Setting up apache web server"
- local ip=$1
- [ -f /etc/apache2/sites-available/default ] && sed -i -e "s///" /etc/apache2/sites-available/default
- [ -f /etc/apache2/sites-available/default-ssl ] && sed -i -e "s///" /etc/apache2/sites-available/default-ssl
- [ -f /etc/apache2/ports.conf ] && sed -i -e "s/Listen .*:80/Listen $ip:80/g" /etc/apache2/ports.conf
- [ -f /etc/apache2/ports.conf ] && sed -i -e "s/Listen .*:443/Listen $ip:443/g" /etc/apache2/ports.conf
- [ -f /etc/apache2/ports.conf ] && sed -i -e "s/NameVirtualHost .*:80/NameVirtualHost $ip:80/g" /etc/apache2/ports.conf
- [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerTokens .*/ServerTokens Prod/g" /etc/apache2/conf.d/security
- [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerSignature .*/ServerSignature Off/g" /etc/apache2/conf.d/security
-
- # Disable listing of http://SSVM-IP/icons folder for security issue. see article http://www.i-lateral.com/tutorials/disabling-the-icons-folder-on-an-ubuntu-web-server/
- [ -f /etc/apache2/mods-available/alias.conf ] && sed -i s/"Options Indexes MultiViews"/"Options -Indexes MultiViews"/ /etc/apache2/mods-available/alias.conf
-
- echo "Options -Indexes" > /var/www/html/.htaccess
-}
-
-setup_redundant_router() {
- rrouter_bin_path="/ramdisk/rrouter"
- rrouter_log="/ramdisk/rrouter/keepalived.log"
- rrouter_bin_path_str="\/ramdisk\/rrouter"
- rrouter_log_str="\/ramdisk\/rrouter\/keepalived.log"
- mkdir -p /ramdisk
- mount tmpfs /ramdisk -t tmpfs
- mkdir -p /ramdisk/rrouter
- ip route delete default
- cp /root/redundant_router/keepalived.conf.templ /etc/keepalived/keepalived.conf
- cp /root/redundant_router/conntrackd.conf.templ /etc/conntrackd/conntrackd.conf
- cp /root/redundant_router/enable_pubip.sh.templ $rrouter_bin_path/enable_pubip.sh
- cp /root/redundant_router/master.sh.templ $rrouter_bin_path/master.sh
- cp /root/redundant_router/backup.sh.templ $rrouter_bin_path/backup.sh
- cp /root/redundant_router/fault.sh.templ $rrouter_bin_path/fault.sh
- cp /root/redundant_router/primary-backup.sh.templ $rrouter_bin_path/primary-backup.sh
- cp /root/redundant_router/heartbeat.sh.templ $rrouter_bin_path/heartbeat.sh
- cp /root/redundant_router/check_heartbeat.sh.templ $rrouter_bin_path/check_heartbeat.sh
- cp /root/redundant_router/arping_gateways.sh.templ $rrouter_bin_path/arping_gateways.sh
- cp /root/redundant_router/check_bumpup.sh $rrouter_bin_path/
- cp /root/redundant_router/disable_pubip.sh $rrouter_bin_path/
- cp /root/redundant_router/checkrouter.sh.templ /opt/cloud/bin/checkrouter.sh
- cp /root/redundant_router/services.sh $rrouter_bin_path/
- sed -i "s/\[ROUTER_ID\]/$NAME/g" /etc/keepalived/keepalived.conf
- sed -i "s/\[ROUTER_IP\]/$GUEST_GW\/$GUEST_CIDR_SIZE/g" /etc/keepalived/keepalived.conf
- sed -i "s/\[BOARDCAST\]/$GUEST_BRD/g" /etc/keepalived/keepalived.conf
- sed -i "s/\[PRIORITY\]/$ROUTER_PR/g" /etc/keepalived/keepalived.conf
- sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" /etc/keepalived/keepalived.conf
- sed -i "s/\[DELTA\]/2/g" /etc/keepalived/keepalived.conf
- sed -i "s/\[LINK_IF\]/eth0/g" /etc/conntrackd/conntrackd.conf
- sed -i "s/\[LINK_IP\]/$ETH0_IP/g" /etc/conntrackd/conntrackd.conf
- sed -i "s/\[IGNORE_IP1\]/$GUEST_GW/g" /etc/conntrackd/conntrackd.conf
- sed -i "s/\[IGNORE_IP2\]/$ETH0_IP/g" /etc/conntrackd/conntrackd.conf
- sed -i "s/\[IGNORE_IP3\]/$ETH1_IP/g" /etc/conntrackd/conntrackd.conf
- sed -i "s/\[ETH2IP\]/$ETH2_IP/g" $rrouter_bin_path/enable_pubip.sh
- sed -i "s/\[ETH2MASK\]/$ETH2_MASK/g" $rrouter_bin_path/enable_pubip.sh
- sed -i "s/\[GATEWAY\]/$GW/g" $rrouter_bin_path/enable_pubip.sh
- sed -i "s/\[GATEWAY\]/$GW/g" $rrouter_bin_path/master.sh
- sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/master.sh
- sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/backup.sh
- sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/fault.sh
- sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/heartbeat.sh
- sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/check_heartbeat.sh
- sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/master.sh
- sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/backup.sh
- sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/fault.sh
- sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/primary-backup.sh
- sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/check_heartbeat.sh
- sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/arping_gateways.sh
- sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" /opt/cloud/bin/checkrouter.sh
-
- if [ $ADVERT_INT ]
- then
- sed -i "s/advert_int 1/advert_int $ADVERT_INT/g" /etc/keepalived/keepalived.conf
- fi
-
- chmod a+x $rrouter_bin_path/*.sh
-
- sed -i "s/--exec\ \$DAEMON;/--exec\ \$DAEMON\ --\ --vrrp;/g" /etc/init.d/keepalived
- crontab -l|grep "check_heartbeat.sh"
- if [ $? -ne 0 ]
- then
- (crontab -l; echo -e "SHELL=/bin/bash\nPATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n*/1 * * * * $rrouter_bin_path/check_heartbeat.sh 2>&1 > /dev/null") | crontab
- fi
-}
-
-setup_aesni() {
- if [ `grep aes /proc/cpuinfo | wc -l` -gt 0 ]
- then
- modprobe aesni_intel
- fi
-}
-
-setup_router() {
- log_it "Setting up virtual router system vm"
-
- #To save router public interface and gw ip information
- touch /var/cache/cloud/ifaceGwIp
-
- oldmd5=
- [ -f "/etc/udev/rules.d/70-persistent-net.rules" ] && oldmd5=$(md5sum "/etc/udev/rules.d/70-persistent-net.rules" | awk '{print $1}')
-
- if [ -n "$ETH2_IP" ]
- then
- setup_common eth0 eth1 eth2
-
- if [ -n "$EXTRA_PUBNICS" ]
- then
- for((i = 3; i < 3 + $EXTRA_PUBNICS; i++))
- do
- setup_interface "$i" "0.0.0.0" "255.255.255.255" $GW "force"
- done
- fi
- else
- setup_common eth0 eth1
- if [ -n "$EXTRA_PUBNICS" ]
- then
- for((i = 2; i < 2 + $EXTRA_PUBNICS; i++))
- do
- setup_interface "$i" "0.0.0.0" "255.255.255.255" $GW "force"
- done
- fi
- fi
-
- if [ -n "$ETH2_IP" -a "$RROUTER" == "1" ]
- then
- setup_redundant_router
- fi
-
- log_it "Checking udev NIC assignment order changes"
- if [ "$NIC_MACS" != "" ]
- then
- init_interfaces_orderby_macs "$NIC_MACS" "/tmp/interfaces" "/tmp/udev-rules"
- newmd5=$(md5sum "/tmp/udev-rules" | awk '{print $1}')
- rm /tmp/interfaces
- rm /tmp/udev-rules
-
- if [ "$oldmd5" != "$newmd5" ]
- then
- log_it "udev NIC assignment requires reboot to take effect"
- sync
- sleep 2
- reboot
- fi
- fi
-
- setup_aesni
- setup_dnsmasq
- setup_apache2 $ETH0_IP
-
- sed -i /gateway/d /etc/hosts
- echo "$ETH0_IP $NAME" >> /etc/hosts
-
-
- enable_svc dnsmasq 1
- enable_svc haproxy 1
- enable_irqbalance 1
- enable_svc cloud-passwd-srvr 1
- enable_svc cloud 0
- disable_rpfilter_domR
- enable_fwding 1
- enable_rpsrfs 1
- chkconfig nfs-common off
- cp /etc/iptables/iptables-router /etc/iptables/rules.v4
-#for old templates
- cp /etc/iptables/iptables-router /etc/iptables/rules
- setup_sshd $ETH1_IP "eth1"
-}
-
-
-
-setup_vpcrouter() {
- log_it "Setting up VPC virtual router system vm"
-
- if [ -f /etc/hosts ]; then
- grep -q $NAME /etc/hosts || echo "127.0.0.1 $NAME" >> /etc/hosts;
- fi
-
- cat > /etc/network/interfaces << EOF
-auto lo eth0
-iface lo inet loopback
-EOF
- setup_interface "0" $ETH0_IP $ETH0_MASK $GW
-
- echo $NAME > /etc/hostname
- echo 'AVAHI_DAEMON_DETECT_LOCAL=0' > /etc/default/avahi-daemon
- hostname $NAME
-
- #Nameserver
- sed -i -e "/^nameserver.*$/d" /etc/resolv.conf # remove previous entries
- sed -i -e "/^nameserver.*$/d" /etc/dnsmasq-resolv.conf # remove previous entries
- if [ -n "$internalNS1" ]
- then
- echo "nameserver $internalNS1" > /etc/dnsmasq-resolv.conf
- echo "nameserver $internalNS1" > /etc/resolv.conf
- fi
-
- if [ -n "$internalNS2" ]
- then
- echo "nameserver $internalNS2" >> /etc/dnsmasq-resolv.conf
- echo "nameserver $internalNS2" >> /etc/resolv.conf
- fi
- if [ -n "$NS1" ]
- then
- echo "nameserver $NS1" >> /etc/dnsmasq-resolv.conf
- echo "nameserver $NS1" >> /etc/resolv.conf
- fi
-
- if [ -n "$NS2" ]
- then
- echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf
- echo "nameserver $NS2" >> /etc/resolv.conf
- fi
- if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ]
- then
- if [ "$hyp" == "vmware" ] || [ "$hyp" == "hyperv" ];
- then
- ip route add $MGMTNET via $LOCAL_GW dev eth0
-
- # a hacking way to activate vSwitch under VMware
- ping -n -c 3 $LOCAL_GW &
- sleep 3
- pkill ping
- fi
- fi
-
- ip route delete default
- # create route table for static route
-
- sudo echo "252 static_route" >> /etc/iproute2/rt_tables 2>/dev/null
- sudo echo "251 static_route_back" >> /etc/iproute2/rt_tables 2>/dev/null
- sudo ip rule add from $VPCCIDR table static_route 2>/dev/null
- sudo ip rule add from $VPCCIDR table static_route_back 2>/dev/null
-
- setup_vpc_apache2
-
- enable_svc dnsmasq 1
- enable_svc haproxy 1
- enable_irqbalance 1
- enable_vpc_rpsrfs 1
- enable_svc cloud 0
- disable_rpfilter
- enable_fwding 1
- cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules.v4
- cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules
- setup_sshd $ETH0_IP "eth0"
- cp /etc/vpcdnsmasq.conf /etc/dnsmasq.conf
- cp /etc/cloud-nic.rules /etc/udev/rules.d/cloud-nic.rules
- echo "" > /etc/dnsmasq.d/dhcphosts.txt
- echo "dhcp-hostsfile=/etc/dhcphosts.txt" > /etc/dnsmasq.d/cloud.conf
-
- [ -z $DOMAIN ] && DOMAIN="cloudnine.internal"
- #DNS server will append $DOMAIN to local queries
- sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf
- #answer all local domain queries
- sed -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf
-
- command -v dhcp_release > /dev/null 2>&1
- no_dhcp_release=$?
- if [ $no_dhcp_release -eq 0 ]
- then
- echo 1 > /var/cache/cloud/dnsmasq_managed_lease
- sed -i -e "/^leasefile-ro/d" /etc/dnsmasq.conf
- else
- echo 0 > /var/cache/cloud/dnsmasq_managed_lease
- fi
-}
-
-
-
-setup_dhcpsrvr() {
- log_it "Setting up dhcp server system vm"
- setup_common eth0 eth1
- setup_dnsmasq
- setup_apache2 $ETH0_IP
-
- sed -i /gateway/d /etc/hosts
- [ $ETH0_IP ] && echo "$ETH0_IP $NAME" >> /etc/hosts
- [ $ETH0_IP6 ] && echo "$ETH0_IP6 $NAME" >> /etc/hosts
-
- enable_svc dnsmasq 1
- enable_svc haproxy 0
- enable_irqbalance 0
- enable_svc cloud-passwd-srvr 1
- enable_svc cloud 0
- enable_fwding 0
- chkconfig nfs-common off
-
- cp /etc/iptables/iptables-router /etc/iptables/rules.v4
- cp /etc/iptables/iptables-router /etc/iptables/rules
-
- #Only allow DNS service for current network
- sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
- sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
- sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
- sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
-
- if [ "$SSHONGUEST" == "true" ]
- then
- setup_sshd $ETH0_IP "eth0"
- else
- setup_sshd $ETH1_IP "eth1"
- fi
-}
-
-setup_storage_network() {
- if [ x"$STORAGE_IP" == "x" -o x"$STORAGE_NETMASK" == "x" ]
- then
- log_it "Incompleted parameters STORAGE_IP:$STORAGE_IP, STORAGE_NETMASK:$STORAGE_NETMASK, STORAGE_CIDR:$STORAGE_CIDR. Cannot setup storage network"
- return
- fi
-
- echo "" >> /etc/network/interfaces
- echo "auto eth3" >> /etc/network/interfaces
-
- setup_interface "3" "$STORAGE_IP" "$STORAGE_NETMASK"
- #ip route add "$STORAGE_CIDR" via "$STORAGE_IP"
- log_it "Successfully setup storage network with STORAGE_IP:$STORAGE_IP, STORAGE_NETMASK:$STORAGE_NETMASK, STORAGE_CIDR:$STORAGE_CIDR"
-}
-
-setup_secstorage() {
- log_it "Setting up secondary storage system vm"
- sysctl vm.min_free_kbytes=8192
- local hyp=$1
- setup_common eth0 eth1 eth2
- setup_storage_network
- [ -n "$MTU" ] && ifconfig eth1 mtu $MTU
- sed -i /gateway/d /etc/hosts
- public_ip=$ETH2_IP
- [ "$ETH2_IP" == "0.0.0.0" ] && public_ip=$ETH1_IP
- echo "$public_ip $NAME" >> /etc/hosts
-
- cp /etc/iptables/iptables-secstorage /etc/iptables/rules.v4
- cp /etc/iptables/iptables-secstorage /etc/iptables/rules
- if [ "$hyp" == "vmware" ] || [ "$hyp" == "hyperv" ]; then
- setup_sshd $ETH1_IP "eth1"
- else
- setup_sshd $ETH0_IP "eth0"
- fi
- setup_apache2 $ETH2_IP
-
- disable_rpfilter
- enable_fwding 0
- enable_svc haproxy 0
- enable_irqbalance 0
- enable_svc dnsmasq 0
- enable_svc cloud-passwd-srvr 0
- enable_svc cloud 1
-}
-
-setup_console_proxy() {
- log_it "Setting up console proxy system vm"
- local hyp=$1
- setup_common eth0 eth1 eth2
- public_ip=$ETH2_IP
- [ "$ETH2_IP" == "0.0.0.0" ] && public_ip=$ETH1_IP
- sed -i /gateway/d /etc/hosts
- echo "$public_ip $NAME" >> /etc/hosts
- cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules.v4
- cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules
- if [ "$hyp" == "vmware" ] || [ "$hyp" == "hyperv" ]; then
- setup_sshd $ETH1_IP "eth1"
- else
- setup_sshd $ETH0_IP "eth0"
- fi
-
- disable_rpfilter
- enable_fwding 0
- enable_svc haproxy 0
- enable_irqbalance 0
- enable_svc dnsmasq 0
- enable_svc cloud-passwd-srvr 0
- enable_svc cloud 1
- chkconfig nfs-common off
-}
-
-setup_elbvm() {
- log_it "Setting up Elastic Load Balancer system vm"
- local hyp=$1
- setup_common eth0 eth1
- sed -i /gateway/d /etc/hosts
- public_ip=$ETH2_IP
- [ "$ETH2_IP" == "0.0.0.0" ] || [ "$ETH2_IP" == "" ] && public_ip=$ETH0_IP
- echo "$public_ip $NAME" >> /etc/hosts
-
- cp /etc/iptables/iptables-elbvm /etc/iptables/rules.v4
- cp /etc/iptables/iptables-elbvm /etc/iptables/rules
- if [ "$SSHONGUEST" == "true" ]
- then
- setup_sshd $ETH0_IP "eth0"
- else
- setup_sshd $ETH1_IP "eth1"
- fi
-
- enable_fwding 0
- enable_svc haproxy 0
- enable_irqbalance 0
- enable_svc dnsmasq 0
- enable_svc cloud-passwd-srvr 0
- enable_svc cloud 0
- chkconfig nfs-common off
- chkconfig portmap off
-}
-
-setup_ilbvm() {
- log_it "Setting up Internal Load Balancer system vm"
- local hyp=$1
- setup_common eth0 eth1
- #eth0 = guest network, eth1=control network
-
- sed -i /$NAME/d /etc/hosts
- echo "$ETH0_IP $NAME" >> /etc/hosts
-
- cp /etc/iptables/iptables-ilbvm /etc/iptables/rules.v4
- cp /etc/iptables/iptables-ilbvm /etc/iptables/rules
- setup_sshd $ETH1_IP "eth1"
-
- enable_fwding 0
- enable_svc haproxy 1
- enable_irqbalance 1
- enable_svc dnsmasq 0
- enable_svc cloud-passwd-srvr 0
- enable_svc cloud 0
- chkconfig nfs-common off
- chkconfig portmap off
-}
-
-setup_default() {
- cat > /etc/network/interfaces << EOF
-auto lo
-iface lo inet loopback
-EOF
- cp -f /etc/iptables/rt_tables_init /etc/iproute2/rt_tables
-}
-
-change_password() {
- if [ x"$VM_PASSWORD" != x"" ]
- then
- echo "root:$VM_PASSWORD" | chpasswd
- fi
-}
-
-start() {
- # Clear /tmp for file lock
- rm -f /tmp/*.lock
- rm -f /tmp/rrouter_bumped
- local hyp=$(hypervisor)
- [ $? -ne 0 ] && log_it "Failed to detect hypervisor type, bailing out of early init" && exit 10
- log_it "Detected that we are running inside $hyp guest"
- get_boot_params
- patch
- patch_log4j
- parse_cmd_line
- change_password
- case $TYPE in
- router)
- [ "$NAME" == "" ] && NAME=router
- setup_router
- ;;
- vpcrouter)
- [ "$NAME" == "" ] && NAME=vpcrouter
- setup_vpcrouter
- ;;
- dhcpsrvr)
- [ "$NAME" == "" ] && NAME=dhcpsrvr
- setup_dhcpsrvr
- ;;
- secstorage)
- [ "$NAME" == "" ] && NAME=secstorage
- setup_secstorage $hyp;
- ;;
- consoleproxy)
- [ "$NAME" == "" ] && NAME=consoleproxy
- setup_console_proxy $hyp;
- ;;
- elbvm)
- [ "$NAME" == "" ] && NAME=elb
- setup_elbvm
- ;;
- ilbvm)
- [ "$NAME" == "" ] && NAME=ilb
- setup_ilbvm
- ;;
- unknown)
- [ "$NAME" == "" ] && NAME=systemvm
- setup_default;
- ;;
- esac
- if [ "$hyp" == "hyperv" ]; then
- # eject the systemvm.iso
- eject
- fi
- return 0
-}
-
-disable_hvc
-
-parse_cmd_line() {
-CMDLINE=$(cat /var/cache/cloud/cmdline)
-TYPE="unknown"
-BOOTPROTO="static"
-DISABLE_RP_FILTER="false"
-STORAGE_IP=""
-STORAGE_NETMASK=""
-STORAGE_CIDR=""
-VM_PASSWORD=""
-
-for i in $CMDLINE
- do
- # search for foo=bar pattern and cut out foo
- KEY=$(echo $i | cut -d= -f1)
- VALUE=$(echo $i | cut -d= -f2)
- case $KEY in
- disable_rp_filter)
- DISABLE_RP_FILTER=$VALUE
- ;;
- eth0ip)
- ETH0_IP=$VALUE
- ;;
- eth1ip)
- ETH1_IP=$VALUE
- ;;
- eth2ip)
- ETH2_IP=$VALUE
- ;;
- host)
- MGMT_HOST=$VALUE
- ;;
- gateway)
- GW=$VALUE
- ;;
- ip6gateway)
- IP6GW=$VALUE
- ;;
- eth0mask)
- ETH0_MASK=$VALUE
- ;;
- eth1mask)
- ETH1_MASK=$VALUE
- ;;
- eth2mask)
- ETH2_MASK=$VALUE
- ;;
- eth0ip6)
- ETH0_IP6=$VALUE
- ;;
- eth0ip6prelen)
- ETH0_IP6_PRELEN=$VALUE
- ;;
- internaldns1)
- internalNS1=$VALUE
- ;;
- internaldns2)
- internalNS2=$VALUE
- ;;
- dns1)
- NS1=$VALUE
- ;;
- dns2)
- NS2=$VALUE
- ;;
- ip6dns1)
- IP6_NS1=$VALUE
- ;;
- ip6dns2)
- IP6_NS2=$VALUE
- ;;
- domain)
- DOMAIN=$VALUE
- ;;
- dnssearchorder)
- DNS_SEARCH_ORDER=$VALUE
- ;;
- useextdns)
- USE_EXTERNAL_DNS=$VALUE
- ;;
- mgmtcidr)
- MGMTNET=$VALUE
- ;;
- localgw)
- LOCAL_GW=$VALUE
- ;;
- template)
- TEMPLATE=$VALUE
- ;;
- sshonguest)
- SSHONGUEST=$VALUE
- ;;
- name)
- NAME=$VALUE
- ;;
- dhcprange)
- DHCP_RANGE=$(echo $VALUE | tr ':' ',')
- ;;
- bootproto)
- BOOTPROTO=$VALUE
- ;;
- type)
- TYPE=$VALUE
- ;;
- defaultroute)
- DEFAULTROUTE=$VALUE
- ;;
- redundant_router)
- RROUTER=$VALUE
- ;;
- guestgw)
- GUEST_GW=$VALUE
- ;;
- guestbrd)
- GUEST_BRD=$VALUE
- ;;
- guestcidrsize)
- GUEST_CIDR_SIZE=$VALUE
- ;;
- router_pr)
- ROUTER_PR=$VALUE
- ;;
- extra_pubnics)
- EXTRA_PUBNICS=$VALUE
- ;;
- nic_macs)
- NIC_MACS=$VALUE
- ;;
- mtu)
- MTU=$VALUE
- ;;
- storageip)
- STORAGE_IP=$VALUE
- ;;
- storagenetmask)
- STORAGE_NETMASK=$VALUE
- ;;
- storagecidr)
- STORAGE_CIDR=$VALUE
- ;;
- vmpassword)
- VM_PASSWORD=$VALUE
- ;;
- vpccidr)
- VPCCIDR=$VALUE
- ;;
- cidrsize)
- CIDR_SIZE=$VALUE
- ;;
- advert_int)
- ADVERT_INT=$VALUE
- ;;
- esac
-done
-
-[ $ETH0_IP ] && LOCAL_ADDRS=$ETH0_IP
-[ $ETH0_IP6 ] && LOCAL_ADDRS=$ETH0_IP6
-[ $ETH0_IP ] && [ $ETH0_IP6 ] && LOCAL_ADDRS="$ETH0_IP,$ETH0_IP6"
-}
-
-case "$1" in
-start)
-
- log_action_begin_msg "Executing cloud-early-config"
- log_it "Executing cloud-early-config"
- if start; then
- log_action_end_msg $?
- else
- log_action_end_msg $?
- fi
- ;;
-
-stop)
- log_action_begin_msg "Stopping cloud-early-config"
- #Override old system's interface setting
- setup_default;
- log_action_end_msg 0
- ;;
-
-force-reload|restart)
-
- log_warning_msg "Running $0 is deprecated because it may not enable again some interfaces"
- log_action_begin_msg "Executing cloud-early-config"
- if start; then
- log_action_end_msg $?
- else
- log_action_end_msg $?
- fi
- ;;
-
-*)
- echo "Usage: /etc/init.d/cloud-early-config {start|stop}"
- exit 1
- ;;
-esac
-
-exit 0
diff --git a/tools/vagrant/systemvm/scripts/etc/init.d/cloud-passwd-srvr b/tools/vagrant/systemvm/scripts/etc/init.d/cloud-passwd-srvr
deleted file mode 100755
index d276bfde88a..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/init.d/cloud-passwd-srvr
+++ /dev/null
@@ -1,124 +0,0 @@
-#!/bin/bash
-### BEGIN INIT INFO
-# Provides: cloud-passwd-srvr
-# Required-Start: mountkernfs $local_fs cloud-early-config iptables-persistent
-# Required-Stop: $local_fs
-# Should-Start:
-# Should-Stop:
-# Default-Start:
-# Default-Stop: 0 6
-# Short-Description: Web server that sends passwords to User VMs
-### END INIT INFO
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-ENABLED=0
-[ -e /etc/default/cloud-passwd-srvr ] && . /etc/default/cloud-passwd-srvr
-
-add_iptables_rules()
-{
- #Delete any old iptables rule for port 8080 on eth0
- remove_iptables_rules
-
- #For all cidrs on eth0 for port 8080 accept only if source is withing that cidr
- for cidr in $(ip addr | grep eth0 | grep inet | awk '{print $2}');
- do
- count=1
- #Try for 10 times, if it still fails then bail
- while [ $count -le 10 ];
- do
- (( count++ ))
- iptables -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp -s $cidr --dport 8080 -j ACCEPT
- if [ `iptables -L INPUT -n -v | grep eth0 | grep 8080 | grep ACCEPT | wc -l` -gt 0 ]
- then
- break
- else
- sleep 2
- fi
- done
- done
- echo "Added cloud-passwd-srvr iptables rules" && return 0
-}
-
-remove_iptables_rules()
-{
- #Change the Internal Field Separator so the for loop, loops on lines and not spaces
- OIFS="${IFS}"
- NIFS=$'\n'
- IFS="${NIFS}"
-
- #Removed all iptable rules for port 8080 on eth0, they were added in start()
- for srcdest in `iptables -L -n -v | grep eth0 | grep 8080 | grep ACCEPT | awk '{print "--source "$8" --destination "$9}'`;
- do
- eval "iptables -D INPUT -i eth0 -p tcp -m state --state NEW -m tcp $srcdest --dport 8080 -j ACCEPT";
- done
-
- #Restore IFS
- IFS="${OIFS}"
-
- echo "Removed cloud-passwd-srvr iptables rules" && return 0
-}
-
-start() {
- [ "$ENABLED" != 0 ] || exit 0
- pid=$(getpid)
- [ "$pid" != "" ] && echo "Password server is already running (pid=$pid)" && return 0
- add_iptables_rules
- nohup bash /opt/cloud/bin/passwd_server &
-}
-
-getpid() {
- pid=$(ps -ef | grep passwd_server_ip | grep -v grep | awk '{print $2}')
- echo $pid
-}
-
-stop_socat() {
- spid=$(pidof socat)
- [ "$spid" != "" ] && kill -9 $spid && echo "Killed socat (pid=$spid)"
- return 0
-}
-
-stop () {
- stop_socat
- pid=$(getpid)
- [ "$pid" != "" ] && kill -9 $pid && remove_iptables_rules && echo "Stopped password server (pid=$pid)" && stop_socat && return 0
-
- echo "Password server is not running" && return 0
-}
-
-status () {
- pid=$(getpid)
- [ "$pid" != "" ] && echo "Password server is running (pid=$pid)" && return 0
- echo "Password server is not running" && return 0
-}
-
-case "$1" in
- start) start
- ;;
- stop) stop
- ;;
- status) status
- ;;
- restart) stop
- start
- ;;
- *) echo "Usage: $0 {start|stop|status|restart}"
- exit 1
- ;;
-esac
-
-exit 0
diff --git a/tools/vagrant/systemvm/scripts/etc/init.d/postinit b/tools/vagrant/systemvm/scripts/etc/init.d/postinit
deleted file mode 100755
index 818959fde3b..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/init.d/postinit
+++ /dev/null
@@ -1,178 +0,0 @@
-#!/bin/bash -e
-### BEGIN INIT INFO
-# Provides: postinit
-# Required-Start: mountkernfs $local_fs cloud-early-config
-# Required-Stop: $local_fs
-# Should-Start:
-# Should-Stop:
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: post-init
-### END INIT INFO
-
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-replace_in_file() {
- local filename=$1
- local keyname=$2
- local value=$3
- sed -i /$keyname=/d $filename
- echo "$keyname=$value" >> $filename
- return $?
-}
-
-setup_secstorage() {
- public_ip=$ETH2_IP
- sed -i /$NAME/d /etc/hosts
- echo "$public_ip $NAME" >> /etc/hosts
- [ -f /etc/httpd/conf/httpd.conf ] && sed -i -e "s/^Listen.*:80$/Listen $public_ip:80/" /etc/httpd/conf/httpd.conf
- [ -f /etc/httpd/conf/httpd.conf ] && sed -i -e "s/^Listen.*:443$/Listen $public_ip:443/" /etc/httpd/conf/httpd.conf
-}
-
-setup_console_proxy() {
- public_ip=$ETH2_IP
- sed -i /$NAME/d /etc/hosts
- echo "$public_ip $NAME" >> /etc/hosts
-}
-
-setup_redundant_router() {
- if [ "$RROUTER" != "1" ]
- then
- return 1
- fi
- rrouter_bin_path="/ramdisk/rrouter"
- eth2mac=`ip link show eth2 | awk '/ether/ {print $2}'`
- sed -i "s/\[ETH2MAC\]/$eth2mac/g" $rrouter_bin_path/enable_pubip.sh
-}
-
-start() {
- case $TYPE in
- secstorage)
- [ "$NAME" == "" ] && NAME=secstorage
- setup_secstorage;
- ;;
- consoleproxy)
- [ "$NAME" == "" ] && NAME=consoleproxy
- setup_console_proxy;
- ;;
- router)
- [ "$NAME" == "" ] && NAME=router
- setup_redundant_router;
- ;;
-
- esac
-}
-
-stop() {
- echo ""
-}
-
-status() {
- echo ""
-}
-
-CMDLINE=$(cat /var/cache/cloud/cmdline)
-TYPE="router"
-BOOTPROTO="static"
-
-for i in $CMDLINE
- do
- # search for foo=bar pattern and cut out foo
- KEY=$(echo $i | cut -d= -f1)
- VALUE=$(echo $i | cut -d= -f2)
- case $KEY in
- eth0ip)
- ETH0_IP=$VALUE
- ;;
- eth1ip)
- ETH1_IP=$VALUE
- ;;
- eth2ip)
- ETH2_IP=$VALUE
- ;;
- gateway)
- GW=$VALUE
- ;;
- eth0mask)
- ETH0_MASK=$VALUE
- ;;
- eth1mask)
- ETH1_MASK=$VALUE
- ;;
- eth2mask)
- ETH2_MASK=$VALUE
- ;;
- dns1)
- NS1=$VALUE
- ;;
- dns2)
- NS2=$VALUE
- ;;
- domain)
- DOMAIN=$VALUE
- ;;
- mgmtcidr)
- MGMTNET=$VALUE
- ;;
- localgw)
- LOCAL_GW=$VALUE
- ;;
- template)
- TEMPLATE=$VALUE
- ;;
- name)
- NAME=$VALUE
- ;;
- dhcprange)
- DHCP_RANGE=$(echo $VALUE | tr ':' ',')
- ;;
- bootproto)
- BOOTPROTO=$VALUE
- ;;
- type)
- TYPE=$VALUE
- ;;
- redundant_router)
- RROUTER=$VALUE
- ;;
- esac
-done
-
-if [ "$BOOTPROTO" == "static" -a "$RROUTER" != "1" ]
-then
- exit 0
-fi
-
-ETH1_IP=$(ifconfig eth1|grep 'inet addr:'|cut -d : -f 2|cut -d \ -f 1)
-ETH2_IP=$(ifconfig eth2|grep 'inet addr:'|cut -d : -f 2|cut -d \ -f 1)
-
-
-case "$1" in
- start) start
- ;;
- stop) stop
- ;;
- status) status
- ;;
- restart) stop
- start
- ;;
- *) echo "Usage: $0 {start|stop|status|restart}"
- exit 1
- ;;
-esac
diff --git a/tools/vagrant/systemvm/scripts/etc/ipsec.conf b/tools/vagrant/systemvm/scripts/etc/ipsec.conf
deleted file mode 100755
index dc363b3a65f..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/ipsec.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-# Manual: ipsec.conf.5
-version 2.0
-
-config setup
- nat_traversal=yes
- virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
- protostack=auto
-
-include /etc/ipsec.d/*.conf
diff --git a/tools/vagrant/systemvm/scripts/etc/ipsec.d/l2tp.conf b/tools/vagrant/systemvm/scripts/etc/ipsec.d/l2tp.conf
deleted file mode 100755
index 7459e259a4e..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/ipsec.d/l2tp.conf
+++ /dev/null
@@ -1,33 +0,0 @@
-conn L2TP-PSK
- authby=secret
- pfs=no
- rekey=no
- keyingtries=3
- #
- # ----------------------------------------------------------
- # The VPN server.
- #
- # Allow incoming connections on the external network interface.
- # If you want to use a different interface or if there is no
- # defaultroute, you can use: left=your.ip.addr.ess
- #
- left=172.26.0.151
- #
- leftprotoport=17/1701
- # If you insist on supporting non-updated Windows clients,
- # you can use: leftprotoport=17/%any
- #
- # ----------------------------------------------------------
- # The remote user(s).
- #
- # Allow incoming connections only from this IP address.
- right=%any
- # If you want to allow multiple connections from any IP address,
- # you can use: right=%any
- #
- rightprotoport=17/%any
- #
- # ----------------------------------------------------------
- # Change 'ignore' to 'add' to enable this configuration.
- #
- auto=add
diff --git a/tools/vagrant/systemvm/scripts/etc/ipsec.secrets b/tools/vagrant/systemvm/scripts/etc/ipsec.secrets
deleted file mode 100755
index d9a9a43c747..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/ipsec.secrets
+++ /dev/null
@@ -1,2 +0,0 @@
-include /var/lib/openswan/ipsec.secrets.inc
-include /etc/ipsec.d/ipsec.*.secrets
diff --git a/tools/vagrant/systemvm/scripts/etc/iptables/iptables-consoleproxy b/tools/vagrant/systemvm/scripts/etc/iptables/iptables-consoleproxy
deleted file mode 100755
index ae5d14d8461..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/iptables/iptables-consoleproxy
+++ /dev/null
@@ -1,38 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-*nat
-:PREROUTING ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-COMMIT
-*filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [0:0]
--A INPUT -i lo -j ACCEPT
--A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A INPUT -p icmp --icmp-type 13 -j DROP
--A INPUT -p icmp -j ACCEPT
--A INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 3922 -j ACCEPT
--A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 8001 -j ACCEPT
--A INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 8001 -j ACCEPT
--A INPUT -i eth2 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
--A INPUT -i eth2 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-COMMIT
diff --git a/tools/vagrant/systemvm/scripts/etc/iptables/iptables-elbvm b/tools/vagrant/systemvm/scripts/etc/iptables/iptables-elbvm
deleted file mode 100755
index 17baef57481..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/iptables/iptables-elbvm
+++ /dev/null
@@ -1,34 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-*nat
-:PREROUTING ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-COMMIT
-*filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [0:0]
--A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A INPUT -p icmp -j ACCEPT
--A INPUT -i lo -j ACCEPT
--A INPUT -i eth1 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
-COMMIT
-
diff --git a/tools/vagrant/systemvm/scripts/etc/iptables/iptables-ilbvm b/tools/vagrant/systemvm/scripts/etc/iptables/iptables-ilbvm
deleted file mode 100755
index 8d5ca651c75..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/iptables/iptables-ilbvm
+++ /dev/null
@@ -1,33 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-*nat
-:PREROUTING ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-COMMIT
-*filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [0:0]
--A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A INPUT -p icmp -j ACCEPT
--A INPUT -i lo -j ACCEPT
--A INPUT -i eth1 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
-COMMIT
-
diff --git a/tools/vagrant/systemvm/scripts/etc/iptables/iptables-router b/tools/vagrant/systemvm/scripts/etc/iptables/iptables-router
deleted file mode 100755
index 3f5bc5f736b..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/iptables/iptables-router
+++ /dev/null
@@ -1,55 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-*nat
-:PREROUTING ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-COMMIT
-*filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [0:0]
-:FW_OUTBOUND - [0:0]
--A INPUT -d 224.0.0.18/32 -j ACCEPT
--A INPUT -d 225.0.0.50/32 -j ACCEPT
--A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A INPUT -p icmp -j ACCEPT
--A INPUT -i lo -j ACCEPT
--A INPUT -i eth0 -p udp -m udp --dport 67 -j ACCEPT
--A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
--A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT
--A INPUT -i eth1 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
--A INPUT -i eth0 -p tcp -m state --state NEW --dport 80 -j ACCEPT
--A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A FORWARD -i eth2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A FORWARD -i eth0 -o eth0 -m state --state NEW -j ACCEPT
--A FORWARD -i eth0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A FORWARD -i eth0 -o eth2 -j FW_OUTBOUND
--I FW_OUTBOUND -m state --state RELATED,ESTABLISHED -j ACCEPT
-COMMIT
-*mangle
-:PREROUTING ACCEPT [0:0]
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
--A PREROUTING -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
--A POSTROUTING -p udp --dport bootpc -j CHECKSUM --checksum-fill
-COMMIT
diff --git a/tools/vagrant/systemvm/scripts/etc/iptables/iptables-secstorage b/tools/vagrant/systemvm/scripts/etc/iptables/iptables-secstorage
deleted file mode 100755
index 31399241126..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/iptables/iptables-secstorage
+++ /dev/null
@@ -1,36 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-*nat
-:PREROUTING ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-COMMIT
-*filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [0:0]
-:HTTP - [0:0]
--A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A INPUT -i eth3 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A INPUT -i lo -j ACCEPT
--A INPUT -p icmp --icmp-type 13 -j DROP
--A INPUT -p icmp -j ACCEPT
--A INPUT -i eth0 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
-COMMIT
diff --git a/tools/vagrant/systemvm/scripts/etc/iptables/iptables-vpcrouter b/tools/vagrant/systemvm/scripts/etc/iptables/iptables-vpcrouter
deleted file mode 100755
index b04af3ba7ae..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/iptables/iptables-vpcrouter
+++ /dev/null
@@ -1,42 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-*nat
-:PREROUTING ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-COMMIT
-*filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [0:0]
--A INPUT -d 224.0.0.18/32 -j ACCEPT
--A INPUT -d 225.0.0.50/32 -j ACCEPT
--A INPUT -p icmp -j ACCEPT
--A INPUT -i lo -j ACCEPT
--A INPUT -i eth0 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
--A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
--A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-COMMIT
-*mangle
-:PREROUTING ACCEPT [0:0]
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
--A OUTPUT -p udp --dport bootpc -j CHECKSUM --checksum-fill
-COMMIT
diff --git a/tools/vagrant/systemvm/scripts/etc/iptables/rt_tables_init b/tools/vagrant/systemvm/scripts/etc/iptables/rt_tables_init
deleted file mode 100755
index c7f086bdaed..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/iptables/rt_tables_init
+++ /dev/null
@@ -1,29 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-
-#
-# reserved values
-#
-255 local
-254 main
-253 default
-0 unspec
-#
-# local
-#
-#1 inr.ruhep
diff --git a/tools/vagrant/systemvm/scripts/etc/iptables/rules b/tools/vagrant/systemvm/scripts/etc/iptables/rules
deleted file mode 100755
index 7c577615167..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/iptables/rules
+++ /dev/null
@@ -1,42 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-*nat
-:PREROUTING ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-COMMIT
-*filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [0:0]
--A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A INPUT -p icmp -j ACCEPT
--A INPUT -i lo -j ACCEPT
--A INPUT -i eth0 -p udp -m udp --dport 67 -j ACCEPT
--A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
--A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT
--A INPUT -i eth1 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
--A INPUT -i eth0 -p tcp -m state --state NEW --dport 8080 -j ACCEPT
--A INPUT -i eth0 -p tcp -m state --state NEW --dport 80 -j ACCEPT
--A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A FORWARD -i eth0 -o eth2 -j ACCEPT
--A FORWARD -i eth2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-COMMIT
-
diff --git a/tools/vagrant/systemvm/scripts/etc/logrotate.conf b/tools/vagrant/systemvm/scripts/etc/logrotate.conf
deleted file mode 100644
index 59a6242bb4c..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/logrotate.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-# rotate log files daily
-daily
-# keep 5 days worth
-rotate 5
-# create new (empty) log files after rotating old ones
-create
-# use date as a suffix of the rotated file
-dateext
-# max size 50M
-size 50M
-# RPM packages drop log rotation information into this directory
-include /etc/logrotate.d
-# no packages own wtmp and btmp -- we'll rotate them here
-/var/log/wtmp {
- monthly
- create 0664 root utmp
- rotate 1
-}
-/var/log/btmp {
- missingok
- monthly
- create 0600 root utmp
- rotate 1
-}
-
diff --git a/tools/vagrant/systemvm/scripts/etc/logrotate.d/apache2 b/tools/vagrant/systemvm/scripts/etc/logrotate.d/apache2
deleted file mode 100644
index aeee66b5f8f..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/logrotate.d/apache2
+++ /dev/null
@@ -1,13 +0,0 @@
-/var/log/apache2/*.log {
- daily
- missingok
- rotate 5
- compress
- delaycompress
- notifempty
- create 640 root adm
- sharedscripts
- postrotate
- /etc/init.d/apache2 reload > /dev/null
- endscript
-}
diff --git a/tools/vagrant/systemvm/scripts/etc/logrotate.d/cloud b/tools/vagrant/systemvm/scripts/etc/logrotate.d/cloud
deleted file mode 100644
index 37440ace69f..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/logrotate.d/cloud
+++ /dev/null
@@ -1,27 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-/var/log/cloud.log {
- rotate 4
- daily
- missingok
- notifempty
- compress
- delaycompress
- postrotate
- pkill socat > /dev/null
- endscript
-}
diff --git a/tools/vagrant/systemvm/scripts/etc/logrotate.d/conntrackd b/tools/vagrant/systemvm/scripts/etc/logrotate.d/conntrackd
deleted file mode 100644
index d09d752e11e..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/logrotate.d/conntrackd
+++ /dev/null
@@ -1,13 +0,0 @@
-/var/log/conntrackd-stats.log {
- daily
- rotate 2
- missingok
- compress
- delaycompress
-
- postrotate
- if [ -e /var/run/conntrackd.sock ]; then
- invoke-rc.d conntrackd restart > /dev/null
- fi
- endscript
-}
diff --git a/tools/vagrant/systemvm/scripts/etc/logrotate.d/dnsmasq b/tools/vagrant/systemvm/scripts/etc/logrotate.d/dnsmasq
deleted file mode 100644
index 265459077f1..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/logrotate.d/dnsmasq
+++ /dev/null
@@ -1,13 +0,0 @@
-/var/log/dnsmasq.log {
- daily
- missingok
- rotate 5
- notifempty
- delaycompress
- sharedscripts
- postrotate
- [ ! -f /var/run/dnsmasq/dnsmasq.pid ] || kill -USR2 `cat /var/run/dnsmasq/dnsmasq.pid`
- endscript
- create 0640 dnsmasq root
-}
-
diff --git a/tools/vagrant/systemvm/scripts/etc/logrotate.d/haproxy b/tools/vagrant/systemvm/scripts/etc/logrotate.d/haproxy
deleted file mode 100644
index 858fe2a1c3a..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/logrotate.d/haproxy
+++ /dev/null
@@ -1,10 +0,0 @@
-/var/log/haproxy.log {
- daily
- rotate 5
- missingok
- notifempty
- size 10M
- postrotate
- /bin/kill -HUP `cat /var/run/rsyslog.pid 2> /dev/null` 2> /dev/null || true
- endscript
-}
diff --git a/tools/vagrant/systemvm/scripts/etc/logrotate.d/ppp b/tools/vagrant/systemvm/scripts/etc/logrotate.d/ppp
deleted file mode 100644
index 7181bc3f934..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/logrotate.d/ppp
+++ /dev/null
@@ -1,9 +0,0 @@
-/var/log/ppp-connect-errors {
- daily
- rotate 5
- missingok
- notifempty
- compress
- nocreate
-}
-
diff --git a/tools/vagrant/systemvm/scripts/etc/logrotate.d/rsyslog b/tools/vagrant/systemvm/scripts/etc/logrotate.d/rsyslog
deleted file mode 100644
index e18271e5fb1..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/logrotate.d/rsyslog
+++ /dev/null
@@ -1,37 +0,0 @@
-/var/log/syslog
-{
- rotate 7
- daily
- missingok
- notifempty
- delaycompress
- compress
- postrotate
- invoke-rc.d rsyslog reload > /dev/null
- endscript
-}
-
-/var/log/mail.info
-/var/log/mail.warn
-/var/log/mail.err
-/var/log/mail.log
-/var/log/daemon.log
-/var/log/kern.log
-/var/log/auth.log
-/var/log/user.log
-/var/log/lpr.log
-/var/log/cron.log
-/var/log/debug
-/var/log/messages
-{
- rotate 10
- daily
- missingok
- notifempty
- compress
- delaycompress
- sharedscripts
- postrotate
- invoke-rc.d rsyslog reload > /dev/null
- endscript
-}
diff --git a/tools/vagrant/systemvm/scripts/etc/modprobe.d/aesni_intel.conf b/tools/vagrant/systemvm/scripts/etc/modprobe.d/aesni_intel.conf
deleted file mode 100755
index 2bc7cb15fc3..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/modprobe.d/aesni_intel.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-blacklist aesni_intel
diff --git a/tools/vagrant/systemvm/scripts/etc/modprobe.d/pcspkr.conf b/tools/vagrant/systemvm/scripts/etc/modprobe.d/pcspkr.conf
deleted file mode 100755
index 892b51fef5b..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/modprobe.d/pcspkr.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-blacklist pcspkr
\ No newline at end of file
diff --git a/tools/vagrant/systemvm/scripts/etc/ppp/options.xl2tpd b/tools/vagrant/systemvm/scripts/etc/ppp/options.xl2tpd
deleted file mode 100755
index 08c301b098f..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/ppp/options.xl2tpd
+++ /dev/null
@@ -1,14 +0,0 @@
-proxyarp
-ipcp-accept-local
-ipcp-accept-remote
-noccp
-idle 1800
-auth
-crtscts
-mtu 1410
-mru 1410
-nodefaultroute
-debug
-lock
-connect-delay 5000
-ms-dns 10.1.1.1
diff --git a/tools/vagrant/systemvm/scripts/etc/profile.d/cloud.sh b/tools/vagrant/systemvm/scripts/etc/profile.d/cloud.sh
deleted file mode 100755
index 844527fb23b..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/profile.d/cloud.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-
-if [ "`id -u`" -eq 0 ]; then
- PATH=${PATH}:/opt/cloud/bin
-fi
-export PATH
diff --git a/tools/vagrant/systemvm/scripts/etc/rc.local b/tools/vagrant/systemvm/scripts/etc/rc.local
deleted file mode 100755
index fd3488e6f5e..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/rc.local
+++ /dev/null
@@ -1,29 +0,0 @@
-#/bin/bash
-
-[ ! -f /var/cache/cloud/enabled_svcs ] && touch /var/cache/cloud/enabled_svcs
-for svc in $(cat /var/cache/cloud/enabled_svcs)
-do
- logger -t cloud "Starting $svc"
- service $svc start
-done
-
-[ ! -f /var/cache/cloud/disabled_svcs ] && touch /var/cache/cloud/disabled_svcs
-for svc in $(cat /var/cache/cloud/disabled_svcs)
-do
- logger -t cloud "Stopping $svc"
- service $svc stop
-done
-
-CMDLINE=$(cat /var/cache/cloud/cmdline)
-router=$(echo "$CMDLINE" | grep -o type=router)
-vpcrouter=$(echo "$CMDLINE" | grep -o type=vpcrouter)
-
-if [ "$router" != "" ] || [ "$vpcrouter" != "" ]
-then
- echo 1000000 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
- echo 1000000 > /proc/sys/net/netfilter/nf_conntrack_max
- echo 1000000 > /proc/sys/net/nf_conntrack_max
-fi
-
-date > /var/cache/cloud/boot_up_done
-logger -t cloud "Boot up process done"
diff --git a/tools/vagrant/systemvm/scripts/etc/rsyslog.conf b/tools/vagrant/systemvm/scripts/etc/rsyslog.conf
deleted file mode 100755
index 8dc7c7504ca..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/rsyslog.conf
+++ /dev/null
@@ -1,106 +0,0 @@
-# /etc/rsyslog.conf Configuration file for rsyslog.
-#
-# For more information see
-# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
-
-
-#################
-#### MODULES ####
-#################
-
-$ModLoad imuxsock # provides support for local system logging
-$ModLoad imklog # provides kernel logging support (previously done by rklogd)
-#$ModLoad immark # provides --MARK-- message capability
-
-# provides UDP syslog reception
-$ModLoad imudp
-$UDPServerRun 3914
-
-# provides TCP syslog reception
-#$ModLoad imtcp
-#$InputTCPServerRun 514
-
-
-###########################
-#### GLOBAL DIRECTIVES ####
-###########################
-
-#
-# Use traditional timestamp format.
-# To enable high precision timestamps, comment out the following line.
-#
-$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
-
-#
-# Set the default permissions for all log files.
-#
-$FileOwner root
-$FileGroup adm
-$FileCreateMode 0640
-$DirCreateMode 0755
-$Umask 0022
-
-#
-# Include all config files in /etc/rsyslog.d/
-#
-$IncludeConfig /etc/rsyslog.d/*.conf
-
-
-###############
-#### RULES ####
-###############
-
-#
-# First some standard log files. Log by facility.
-#
-auth,authpriv.* /var/log/auth.log
-#*.*;auth,authpriv.none -/var/log/syslog
-cron.* /var/log/cron.log
-daemon.* -/var/log/daemon.log
-kern.* -/var/log/kern.log
-lpr.* -/var/log/lpr.log
-mail.* -/var/log/mail.log
-#user.* -/var/log/user.log
-
-#
-# Logging for the mail system. Split it up so that
-# it is easy to write scripts to parse these files.
-#
-mail.info -/var/log/mail.info
-mail.warn -/var/log/mail.warn
-mail.err /var/log/mail.err
-
-#
-# Logging for INN news system.
-#
-news.crit /var/log/news/news.crit
-news.err /var/log/news/news.err
-news.notice -/var/log/news/news.notice
-
-#
-# Some "catch-all" log files.
-#
-#*.=debug;\
-# auth,authpriv.none;\
-# news.none;mail.none -/var/log/debug
-*.=info;*.=notice;*.=warn;\
- auth,authpriv.none;\
- cron.none,daemon.none;\
- local0.none,daemon.none;\
- mail.none,news.none -/var/log/messages
-
-#
-# Emergencies are sent to everybody logged in.
-#
-*.emerg *
-
-#
-# I like to have messages displayed on the console, but only on a virtual
-# console I usually leave idle.
-#
-#daemon,mail.*;\
-# news.=crit;news.=err;news.=notice;\
-# *.=debug;*.=info;\
-# *.=notice;*.=warn /dev/tty8
-
-local0.* -/var/log/haproxy.log
diff --git a/tools/vagrant/systemvm/scripts/etc/ssh/sshd_config b/tools/vagrant/systemvm/scripts/etc/ssh/sshd_config
deleted file mode 100755
index 1bc29b777bb..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/ssh/sshd_config
+++ /dev/null
@@ -1,130 +0,0 @@
-# $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $
-
-# This is the sshd server system-wide configuration file. See
-# sshd_config(5) for more information.
-
-# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
-
-# The strategy used for options in the default sshd_config shipped with
-# OpenSSH is to specify options with their default value where
-# possible, but leave them commented. Uncommented options change a
-# default value.
-
-Port 3922
-#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
-
-# Disable legacy (protocol version 1) support in the server for new
-# installations. In future the default will change to require explicit
-# activation of protocol 1
-Protocol 2
-
-# HostKey for protocol version 1
-#HostKey /etc/ssh/ssh_host_key
-# HostKeys for protocol version 2
-#HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_dsa_key
-
-# Lifetime and size of ephemeral version 1 server key
-#KeyRegenerationInterval 1h
-#ServerKeyBits 768
-
-# Logging
-# obsoletes QuietMode and FascistLogging
-#SyslogFacility AUTH
-SyslogFacility AUTHPRIV
-#LogLevel INFO
-
-# Authentication:
-
-#LoginGraceTime 2m
-PermitRootLogin yes
-#StrictModes yes
-#MaxAuthTries 6
-
-#RSAAuthentication yes
-#PubkeyAuthentication yes
-#AuthorizedKeysFile .ssh/authorized_keys
-
-# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#RhostsRSAAuthentication no
-# similar for protocol version 2
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# RhostsRSAAuthentication and HostbasedAuthentication
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
-
-# To disable tunneled clear text passwords, change to no here!
-#PasswordAuthentication yes
-#PermitEmptyPasswords no
-PasswordAuthentication no
-
-# Change to no to disable s/key passwords
-#ChallengeResponseAuthentication yes
-ChallengeResponseAuthentication no
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-
-# GSSAPI options
-#GSSAPIAuthentication no
-GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-GSSAPICleanupCredentials yes
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-#UsePAM no
-UsePAM yes
-
-# Accept locale-related environment variables
-AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
-AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
-AcceptEnv LC_IDENTIFICATION LC_ALL
-#AllowTcpForwarding yes
-#GatewayPorts no
-#X11Forwarding no
-#X11Forwarding yes
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PrintMotd yes
-#PrintLastLog yes
-#TCPKeepAlive yes
-#UseLogin no
-#UsePrivilegeSeparation yes
-#PermitUserEnvironment no
-#Compression delayed
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
-#ShowPatchLevel no
-UseDNS no
-#PidFile /var/run/sshd.pid
-#PermitTunnel no
-
-MaxStartups 1000
-MaxSessions 1000
-
-# no default banner path
-#Banner /some/path
-
-# override default of no subsystems
-Subsystem sftp /usr/libexec/openssh/sftp-server
-
-# Example of overriding settings on a per-user basis
-#Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# ForceCommand cvs server
diff --git a/tools/vagrant/systemvm/scripts/etc/sysctl.conf b/tools/vagrant/systemvm/scripts/etc/sysctl.conf
deleted file mode 100755
index c8f4bfb0833..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/sysctl.conf
+++ /dev/null
@@ -1,50 +0,0 @@
-# Kernel sysctl configuration file
-#
-# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
-# sysctl.conf(5) for more details.
-# @VERSION@
-
-# Controls IP packet forwarding
-net.ipv4.ip_forward = 1
-
-# Controls source route verification
-net.ipv4.conf.default.rp_filter = 0
-
-# Do not accept source routing
-net.ipv4.conf.default.accept_source_route = 0
-
-# Respect local interface in ARP interactions
-net.ipv4.conf.default.arp_announce = 2
-net.ipv4.conf.default.arp_ignore = 2
-net.ipv4.conf.all.arp_announce = 2
-net.ipv4.conf.all.arp_ignore = 2
-
-# IPSec NETKEY -- avoid bogus redirects
-net.ipv4.conf.all.accept_redirects = 0
-net.ipv4.conf.default.accept_redirects = 0
-net.ipv4.conf.all.send_redirects = 0
-net.ipv4.conf.default.send_redirects = 0
-net.ipv4.conf.all.secure_redirects = 0
-net.ipv4.conf.default.secure_redirects = 0
-
-# Controls the System Request debugging functionality of the kernel
-kernel.sysrq = 0
-
-# Controls whether core dumps will append the PID to the core filename.
-# Useful for debugging multi-threaded applications.
-kernel.core_uses_pid = 1
-
-# Controls the use of TCP syncookies
-net.ipv4.tcp_syncookies = 1
-
-net.ipv4.netfilter.ip_conntrack_max=1000000
-net.ipv4.tcp_tw_reuse=1
-net.ipv4.tcp_max_tw_buckets=1000000
-net.core.somaxconn=1000000
-
-# Disable IPv6
-net.ipv6.conf.all.disable_ipv6 = 1
-net.ipv6.conf.all.forwarding = 0
-net.ipv6.conf.all.accept_ra = 0
-net.ipv6.conf.all.accept_redirects = 0
-net.ipv6.conf.all.autoconf = 0
diff --git a/tools/vagrant/systemvm/scripts/etc/vpcdnsmasq.conf b/tools/vagrant/systemvm/scripts/etc/vpcdnsmasq.conf
deleted file mode 100755
index d46d6236950..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/vpcdnsmasq.conf
+++ /dev/null
@@ -1,462 +0,0 @@
-# Configuration file for dnsmasq.
-#
-# Format is one option per line, legal options are the same
-# as the long options legal on the command line. See
-# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
-
-# The following two options make you a better netizen, since they
-# tell dnsmasq to filter out queries which the public DNS cannot
-# answer, and which load the servers (especially the root servers)
-# uneccessarily. If you have a dial-on-demand link they also stop
-# these requests from bringing up the link uneccessarily.
-
-# Never forward plain names (without a dot or domain part)
-domain-needed
-# Never forward addresses in the non-routed address spaces.
-bogus-priv
-
-
-# Uncomment this to filter useless windows-originated DNS requests
-# which can trigger dial-on-demand links needlessly.
-# Note that (amongst other things) this blocks all SRV requests,
-# so don't use it if you use eg Kerberos.
-# This option only affects forwarding, SRV records originating for
-# dnsmasq (via srv-host= lines) are not suppressed by it.
-#filterwin2k
-
-# Change this line if you want dns to get its upstream servers from
-# somewhere other that /etc/resolv.conf
-resolv-file=/etc/dnsmasq-resolv.conf
-
-# By default, dnsmasq will send queries to any of the upstream
-# servers it knows about and tries to favour servers to are known
-# to be up. Uncommenting this forces dnsmasq to try each query
-# with each server strictly in the order they appear in
-# /etc/resolv.conf
-#strict-order
-
-# If you don't want dnsmasq to read /etc/resolv.conf or any other
-# file, getting its servers from this file instead (see below), then
-# uncomment this.
-#no-resolv
-
-# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
-# files for changes and re-read them then uncomment this.
-#no-poll
-
-# Add other name servers here, with domain specs if they are for
-# non-public domains.
-#server=/localnet/192.168.0.1
-
-# Example of routing PTR queries to nameservers: this will send all
-# address->name queries for 192.168.3/24 to nameserver 10.1.2.3
-#server=/3.168.192.in-addr.arpa/10.1.2.3
-
-# Add local-only domains here, queries in these domains are answered
-# from /etc/hosts or DHCP only.
-local=/2.vmops-test.vmops.com/
-
-# Add domains which you want to force to an IP address here.
-# The example below send any host in doubleclick.net to a local
-# webserver.
-#address=/doubleclick.net/127.0.0.1
-
-# If you want dnsmasq to change uid and gid to something other
-# than the default, edit the following lines.
-#user=
-#group=
-
-# If you want dnsmasq to listen for DHCP and DNS requests only on
-# specified interfaces (and the loopback) give the name of the
-# interface (eg eth0) here.
-# Repeat the line for more than one interface.
-#interface=eth0
-
-# Or you can specify which interface _not_ to listen on
-except-interface=lo
-
-# Or which to listen on by address (remember to include 127.0.0.1 if
-# you use this.)
-#listen-address=
-# If you want dnsmasq to provide only DNS service on an interface,
-# configure it as shown above, and then use the following line to
-# disable DHCP on it.
-#no-dhcp-interface=eth1
-
-# On systems which support it, dnsmasq binds the wildcard address,
-# even when it is listening on only some interfaces. It then discards
-# requests that it shouldn't reply to. This has the advantage of
-# working even when interfaces come and go and change address. If you
-# want dnsmasq to really bind only the interfaces it is listening on,
-# uncomment this option. About the only time you may need this is when
-# running another nameserver on the same machine.
-bind-interfaces
-
-# If you don't want dnsmasq to read /etc/hosts, uncomment the
-# following line.
-#no-hosts
-# or if you want it to read another file, as well as /etc/hosts, use
-# this.
-#addn-hosts=/etc/banner_add_hosts
-
-# Set this (and domain: see below) if you want to have a domain
-# automatically added to simple names in a hosts-file.
-expand-hosts
-
-# Set the domain for dnsmasq. this is optional, but if it is set, it
-# does the following things.
-# 1) Allows DHCP hosts to have fully qualified domain names, as long
-# as the domain part matches this setting.
-# 2) Sets the "domain" DHCP option thereby potentially setting the
-# domain of all systems configured by DHCP
-# 3) Provides the domain part for "expand-hosts"
-#domain=2.vmops-test.vmops.com
-
-# Uncomment this to enable the integrated DHCP server, you need
-# to supply the range of addresses available for lease and optionally
-# a lease time. If you have more than one network, you will need to
-# repeat this for each network on which you want to supply DHCP
-# service.
-#dhcp-range=10.1.1.1,static
-#dhcp-range=10.0.0.1,10.255.255.255
-#dhcp-hostsfile=/etc/dhcphosts.txt
-
-# This is an example of a DHCP range where the netmask is given. This
-# is needed for networks we reach the dnsmasq DHCP server via a relay
-# agent. If you don't know what a DHCP relay agent is, you probably
-# don't need to worry about this.
-#dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
-
-# This is an example of a DHCP range with a network-id, so that
-# some DHCP options may be set only for this network.
-#dhcp-range=red,192.168.0.50,192.168.0.150
-
-# Supply parameters for specified hosts using DHCP. There are lots
-# of valid alternatives, so we will give examples of each. Note that
-# IP addresses DO NOT have to be in the range given above, they just
-# need to be on the same network. The order of the parameters in these
-# do not matter, it's permissble to give name,adddress and MAC in any order
-
-# Always allocate the host with ethernet address 11:22:33:44:55:66
-# The IP address 192.168.0.60
-#dhcp-host=11:22:33:44:55:66,192.168.0.60
-
-# Always set the name of the host with hardware address
-# 11:22:33:44:55:66 to be "fred"
-#dhcp-host=11:22:33:44:55:66,fred
-
-# Always give the host with ethernet address 11:22:33:44:55:66
-# the name fred and IP address 192.168.0.60 and lease time 45 minutes
-#dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
-
-# Give the machine which says it's name is "bert" IP address
-# 192.168.0.70 and an infinite lease
-#dhcp-host=bert,192.168.0.70,infinite
-
-# Always give the host with client identifier 01:02:02:04
-# the IP address 192.168.0.60
-#dhcp-host=id:01:02:02:04,192.168.0.60
-
-# Always give the host with client identifier "marjorie"
-# the IP address 192.168.0.60
-#dhcp-host=id:marjorie,192.168.0.60
-
-# Enable the address given for "judge" in /etc/hosts
-# to be given to a machine presenting the name "judge" when
-# it asks for a DHCP lease.
-#dhcp-host=judge
-
-# Never offer DHCP service to a machine whose ethernet
-# address is 11:22:33:44:55:66
-#dhcp-host=11:22:33:44:55:66,ignore
-
-# Ignore any client-id presented by the machine with ethernet
-# address 11:22:33:44:55:66. This is useful to prevent a machine
-# being treated differently when running under different OS's or
-# between PXE boot and OS boot.
-#dhcp-host=11:22:33:44:55:66,id:*
-
-# Send extra options which are tagged as "red" to
-# the machine with ethernet address 11:22:33:44:55:66
-#dhcp-host=11:22:33:44:55:66,net:red
-
-# Send extra options which are tagged as "red" to
-# any machine with ethernet address starting 11:22:33:
-#dhcp-host=11:22:33:*:*:*,net:red
-
-# Ignore any clients which are specified in dhcp-host lines
-# or /etc/ethers. Equivalent to ISC "deny unkown-clients".
-# This relies on the special "known" tag which is set when
-# a host is matched.
-#dhcp-ignore=#known
-
-# Send extra options which are tagged as "red" to any machine whose
-# DHCP vendorclass string includes the substring "Linux"
-#dhcp-vendorclass=red,Linux
-
-# Send extra options which are tagged as "red" to any machine one
-# of whose DHCP userclass strings includes the substring "accounts"
-#dhcp-userclass=red,accounts
-
-# Send extra options which are tagged as "red" to any machine whose
-# MAC address matches the pattern.
-#dhcp-mac=red,00:60:8C:*:*:*
-
-# If this line is uncommented, dnsmasq will read /etc/ethers and act
-# on the ethernet-address/IP pairs found there just as if they had
-# been given as --dhcp-host options. Useful if you keep
-# MAC-address/host mappings there for other purposes.
-#read-ethers
-
-# Send options to hosts which ask for a DHCP lease.
-# See RFC 2132 for details of available options.
-# Common options can be given to dnsmasq by name:
-# run "dnsmasq --help dhcp" to get a list.
-# Note that all the common settings, such as netmask and
-# broadcast address, DNS server and default route, are given
-# sane defaults by dnsmasq. You very likely will not need
-# any dhcp-options. If you use Windows clients and Samba, there
-# are some options which are recommended, they are detailed at the
-# end of this section.
-
-# Override the default route supplied by dnsmasq, which assumes the
-# router is the same machine as the one running dnsmasq.
-#dhcp-option=3,1.2.3.4
-
-# Do the same thing, but using the option name
-#dhcp-option=option:router,1.2.3.4
-
-# Override the default route supplied by dnsmasq and send no default
-# route at all. Note that this only works for the options sent by
-# default (1, 3, 6, 12, 28) the same line will send a zero-length option
-# for all other option numbers.
-#dhcp-option=3
-
-# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
-#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
-
-# Set the NTP time server address to be the same machine as
-# is running dnsmasq
-#dhcp-option=42,0.0.0.0
-
-# Set the NIS domain name to "welly"
-#dhcp-option=40,welly
-
-# Set the default time-to-live to 50
-#dhcp-option=23,50
-
-# Set the "all subnets are local" flag
-#dhcp-option=27,1
-
-# Set the domain
-dhcp-option=15,"2.vmops-test.vmops.com"
-
-# Send the etherboot magic flag and then etherboot options (a string).
-#dhcp-option=128,e4:45:74:68:00:00
-#dhcp-option=129,NIC=eepro100
-
-# Specify an option which will only be sent to the "red" network
-# (see dhcp-range for the declaration of the "red" network)
-# Note that the net: part must precede the option: part.
-#dhcp-option = net:red, option:ntp-server, 192.168.1.1
-
-# The following DHCP options set up dnsmasq in the same way as is specified
-# for the ISC dhcpcd in
-# http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt
-# adapted for a typical dnsmasq installation where the host running
-# dnsmasq is also the host running samba.
-# you may want to uncomment them if you use Windows clients and Samba.
-#dhcp-option=19,0 # option ip-forwarding off
-#dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
-#dhcp-option=45,0.0.0.0 # netbios datagram distribution server
-#dhcp-option=46,8 # netbios node type
-#dhcp-option=47 # empty netbios scope.
-
-# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
-# probably doesn't support this......
-#dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com
-
-# Send RFC-3442 classless static routes (note the netmask encoding)
-#dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
-
-# Send vendor-class specific options encapsulated in DHCP option 43.
-# The meaning of the options is defined by the vendor-class so
-# options are sent only when the client supplied vendor class
-# matches the class given here. (A substring match is OK, so "MSFT"
-# matches "MSFT" and "MSFT 5.0"). This example sets the
-# mtftp address to 0.0.0.0 for PXEClients.
-#dhcp-option=vendor:PXEClient,1,0.0.0.0
-
-# Send microsoft-specific option to tell windows to release the DHCP lease
-# when it shuts down. Note the "i" flag, to tell dnsmasq to send the
-# value as a four-byte integer - that's what microsoft wants. See
-# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
-dhcp-option=vendor:MSFT,2,1i
-
-# Send the Encapsulated-vendor-class ID needed by some configurations of
-# Etherboot to allow is to recognise the DHCP server.
-#dhcp-option=vendor:Etherboot,60,"Etherboot"
-
-# Send options to PXELinux. Note that we need to send the options even
-# though they don't appear in the parameter request list, so we need
-# to use dhcp-option-force here.
-# See http://syslinux.zytor.com/pxe.php#special for details.
-# Magic number - needed before anything else is recognised
-#dhcp-option-force=208,f1:00:74:7e
-# Configuration file name
-#dhcp-option-force=209,configs/common
-# Path prefix
-#dhcp-option-force=210,/tftpboot/pxelinux/files/
-# Reboot time. (Note 'i' to send 32-bit value)
-#dhcp-option-force=211,30i
-
-# Set the boot filename for BOOTP. You will only need
-# this is you want to boot machines over the network and you will need
-# a TFTP server; either dnsmasq's built in TFTP server or an
-# external one. (See below for how to enable the TFTP server.)
-#dhcp-boot=pxelinux.0
-
-# Enable dnsmasq's built-in TFTP server
-#enable-tftp
-
-# Set the root directory for files availble via FTP.
-#tftp-root=/var/ftpd
-
-# Make the TFTP server more secure: with this set, only files owned by
-# the user dnsmasq is running as will be send over the net.
-#tftp-secure
-
-# Set the boot file name only when the "red" tag is set.
-#dhcp-boot=net:red,pxelinux.red-net
-
-# An example of dhcp-boot with an external server: the name and IP
-# address of the server are given after the filename.
-#dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3
-
-# Set the limit on DHCP leases, the default is 150
-dhcp-lease-max=2100
-
-# The DHCP server needs somewhere on disk to keep its lease database.
-# This defaults to a sane location, but if you want to change it, use
-# the line below.
-#dhcp-leasefile=/var/lib/misc/dnsmasq.leases
-leasefile-ro
-
-# Set the DHCP server to authoritative mode. In this mode it will barge in
-# and take over the lease for any client which broadcasts on the network,
-# whether it has a record of the lease or not. This avoids long timeouts
-# when a machine wakes up on a new network. DO NOT enable this if there's
-# the slighest chance that you might end up accidentally configuring a DHCP
-# server for your campus/company accidentally. The ISC server uses
-# the same option, and this URL provides more information:
-# http://www.isc.org/index.pl?/sw/dhcp/authoritative.php
-#dhcp-authoritative
-
-# Run an executable when a DHCP lease is created or destroyed.
-# The arguments sent to the script are "add" or "del",
-# then the MAC address, the IP address and finally the hostname
-# if there is one.
-#dhcp-script=/bin/echo
-
-# Set the cachesize here.
-#cache-size=150
-
-# If you want to disable negative caching, uncomment this.
-#no-negcache
-
-# Normally responses which come form /etc/hosts and the DHCP lease
-# file have Time-To-Live set as zero, which conventionally means
-# do not cache further. If you are happy to trade lower load on the
-# server for potentially stale date, you can set a time-to-live (in
-# seconds) here.
-#local-ttl=
-
-# If you want dnsmasq to detect attempts by Verisign to send queries
-# to unregistered .com and .net hosts to its sitefinder service and
-# have dnsmasq instead return the correct NXDOMAIN response, uncomment
-# this line. You can add similar lines to do the same for other
-# registries which have implemented wildcard A records.
-#bogus-nxdomain=64.94.110.11
-
-# If you want to fix up DNS results from upstream servers, use the
-# alias option. This only works for IPv4.
-# This alias makes a result of 1.2.3.4 appear as 5.6.7.8
-#alias=1.2.3.4,5.6.7.8
-# and this maps 1.2.3.x to 5.6.7.x
-#alias=1.2.3.0,5.6.7.0,255.255.255.0
-
-
-# Change these lines if you want dnsmasq to serve MX records.
-
-# Return an MX record named "maildomain.com" with target
-# servermachine.com and preference 50
-#mx-host=maildomain.com,servermachine.com,50
-
-# Set the default target for MX records created using the localmx option.
-#mx-target=servermachine.com
-
-# Return an MX record pointing to the mx-target for all local
-# machines.
-#localmx
-
-# Return an MX record pointing to itself for all local machines.
-#selfmx
-
-# Change the following lines if you want dnsmasq to serve SRV
-# records. These are useful if you want to serve ldap requests for
-# Active Directory and other windows-originated DNS requests.
-# See RFC 2782.
-# You may add multiple srv-host lines.
-# The fields are ,,,,
-# If the domain part if missing from the name (so that is just has the
-# service and protocol sections) then the domain given by the domain=
-# config option is used. (Note that expand-hosts does not need to be
-# set for this to work.)
-
-# A SRV record sending LDAP for the example.com domain to
-# ldapserver.example.com port 289
-#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
-
-# A SRV record sending LDAP for the example.com domain to
-# ldapserver.example.com port 289 (using domain=)
-###domain=example.com
-#srv-host=_ldap._tcp,ldapserver.example.com,389
-
-# Two SRV records for LDAP, each with different priorities
-#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
-#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
-
-# A SRV record indicating that there is no LDAP server for the domain
-# example.com
-#srv-host=_ldap._tcp.example.com
-
-# The following line shows how to make dnsmasq serve an arbitrary PTR
-# record. This is useful for DNS-SD. (Note that the
-# domain-name expansion done for SRV records _does_not
-# occur for PTR records.)
-#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
-
-# Change the following lines to enable dnsmasq to serve TXT records.
-# These are used for things like SPF and zeroconf. (Note that the
-# domain-name expansion done for SRV records _does_not
-# occur for TXT records.)
-
-#Example SPF.
-#txt-record=example.com,"v=spf1 a -all"
-
-#Example zeroconf
-#txt-record=_http._tcp.example.com,name=value,paper=A4
-
-
-# For debugging purposes, log each DNS query as it passes through
-# dnsmasq.
-#log-queries
-
-# Log lots of extra information about DHCP transactions.
-#log-dhcp
-
-log-facility=/var/log/dnsmasq.log
-
-# Include a another lot of configuration options.
-#conf-file=/etc/dnsmasq.more.conf
-conf-dir=/etc/dnsmasq.d
diff --git a/tools/vagrant/systemvm/scripts/etc/xl2tpd/xl2tpd.conf b/tools/vagrant/systemvm/scripts/etc/xl2tpd/xl2tpd.conf
deleted file mode 100755
index 574eab1461e..00000000000
--- a/tools/vagrant/systemvm/scripts/etc/xl2tpd/xl2tpd.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-[lns default]
-ip range = 10.1.9.2-10.1.9.8
-local ip = 10.1.9.1
-require chap = yes
-refuse pap = yes
-pppoptfile = /etc/ppp/options.xl2tpd
diff --git a/tools/vagrant/systemvm/scripts/root/clearUsageRules.sh b/tools/vagrant/systemvm/scripts/root/clearUsageRules.sh
deleted file mode 100755
index 061688b7438..00000000000
--- a/tools/vagrant/systemvm/scripts/root/clearUsageRules.sh
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/usr/bin/env bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-
-# clearUsageRules.sh - remove iptable rules for removed public interfaces
-# @VERSION@
-
-if [ -f /root/removedVifs ]
-then
- var=`cat /root/removedVifs`
- # loop through even vif to be cleared
- for i in $var; do
- # Make sure vif doesn't exist
- if [ ! -f /sys/class/net/$i ]
- then
- # remove rules
- iptables -D NETWORK_STATS -i eth0 -o $i > /dev/null;
- iptables -D NETWORK_STATS -i $i -o eth0 > /dev/null;
- iptables -D NETWORK_STATS -o $i ! -i eth0 -p tcp > /dev/null;
- iptables -D NETWORK_STATS -i $i ! -o eth0 -p tcp > /dev/null;
- fi
- done
-rm /root/removedVifs
-fi
diff --git a/tools/vagrant/systemvm/scripts/root/func.sh b/tools/vagrant/systemvm/scripts/root/func.sh
deleted file mode 100755
index 17963458e36..00000000000
--- a/tools/vagrant/systemvm/scripts/root/func.sh
+++ /dev/null
@@ -1,143 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-# Only one lock is allowed: biglock
-
-# getLockFile() parameters
-# $1 lock filename
-# $2 timeout seconds
-
-#set -x
-
-getCurrLock() {
- result=`ls $__LOCKDIR/*-$1.lock 2>/dev/null | head -n1`
- while [ $? -ne 0 ]
- do
- result=`ls $__LOCKDIR/*-$1.lock 2>/dev/null| head -n1`
- done
- echo $result
-}
-
-getLockFile() {
- lock=$1
-
- __locked=0
- __TS=`date +%s%N`
- __LOCKDIR="/tmp"
- __LOCKFILE="$__LOCKDIR/$__TS-$$-$lock.lock"
-
- if [ $2 ]
- then
- __TIMEOUT=$2
- else
- __TIMEOUT=30
- fi
-
- if [ -e $__LOCKFILE ]
- then
- logger -t cloud "Process $0 pid $$ want to get ECLUSIVE LOCK $lock RECURSIVELY!"
- psline=`ps u $$`
- logger -t cloud "Failed job detail: $psline"
- echo 0
- return
- fi
-
- psline=`ps u $$`
- echo $psline > $__LOCKFILE
- if [ ! -e $__LOCKFILE ]
- then
- return
- fi
-
- for i in `seq 1 $(($__TIMEOUT * 10))`
- do
- currlock=$(getCurrLock $lock)
- if [ $currlock -ef $__LOCKFILE ]
- then
- __locked=1
- break
- fi
-
- sleep 0.1
- if [ $((i % 10)) -eq 0 ]
- then
- logger -t cloud "Process $0 pid $$ waiting for the lock $lock for another 1 second"
- fi
- done
- if [ $__locked -ne 1 ]
- then
- logger -t cloud "fail to acquire the lock $lock for process $0 pid $$ after $__TIMEOUT seconds time out!"
- cmd=`cat $currlock 2>/dev/null`
- if [ $? -eq 0 ]
- then
- logger -t cloud "waiting for process: $cmd"
- else
- logger -t cloud "didn't get info about process who we're waiting for"
- fi
- psline=`ps u $$`
- logger -t cloud "Failed job detail: $psline"
- rm $__LOCKFILE
- fi
- echo $__locked
-}
-
-# releaseLockFile() parameters
-# $1 lock filename
-# $2 locked(1) or not(0)
-releaseLockFile() {
- __LOCKDIR="/tmp"
- __LOCKFILE="$__LOCKDIR/*-$$-$1.lock"
- __locked=$2
- if [ "$__locked" == "1" ]
- then
- rm $__LOCKFILE
- fi
-}
-
-# releaseLockFile() parameters
-# $1 exit value
-# $2 lock filename
-# $3 locked(1) or not(0)
-unlock_exit() {
- releaseLockFile $2 $3
- exit $1
-}
-
-# calcuate the ip & network mask
-rangecalc(){
- local IFS='.'
- local -a oct mask ip
-
- read -ra oct <<<"$1"
- read -ra mask <<<"$2"
- for i in {0..3}
- do
- ip+=( "$(( oct[i] & mask[i] ))" )
- done
- echo "${ip[*]}"
-}
-
-#get cidr of the nic
-getcidr(){
- local dev=$1
- local mask=`ifconfig $dev|grep "Mask"|cut -d ":" -f 4`
- local cidrsize=`ip addr show $dev|grep inet|head -n 1|awk '{print $2}'|cut -d '/' -f 2`
- local ipaddr=`ip addr show $dev|grep inet|head -n 1|awk '{print $2}'|cut -d '/' -f 1`
- local base=$(rangecalc $ipaddr $mask)
- echo $base/$cidrsize
-}
diff --git a/tools/vagrant/systemvm/scripts/root/monitorServices.py b/tools/vagrant/systemvm/scripts/root/monitorServices.py
deleted file mode 100755
index c1dfba21a46..00000000000
--- a/tools/vagrant/systemvm/scripts/root/monitorServices.py
+++ /dev/null
@@ -1,387 +0,0 @@
-#!/usr/bin/python
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-
-
-
-
-from ConfigParser import SafeConfigParser
-from subprocess import *
-from os import path
-import time
-import os
-import logging
-
-class StatusCodes:
- SUCCESS = 0
- FAILED = 1
- INVALID_INP = 2
- RUNNING = 3
- STOPPED = 4
- STARTING = 5
-
-class Log:
- INFO = 'INFO'
- ALERT = 'ALERT'
- CRIT = 'CRIT'
- NOTIF = 'NOTIF'
-
-class Config:
- MONIT_AFTER_MINS = 30
- SLEEP_SEC = 1
- RETRY_ITERATIONS = 10
- RETRY_FOR_RESTART = 5
- MONITOR_LOG = '/var/log/monitor.log'
- UNMONIT_PS_FILE = '/etc/unmonit_psList.txt'
-
-
-def getConfig( config_file_path = "/etc/monitor.conf" ):
- """
- Reads the process configuration from the config file.
- Config file contains the processes to be monitored.
-
- """
- process_dict = {}
- parser = SafeConfigParser()
- parser.read( config_file_path )
-
-
- for section in parser.sections():
- process_dict[section] = {}
-
- for name, value in parser.items(section):
- process_dict[section][name] = value
-# printd (" %s = %r" % (name, value))
-
- return process_dict
-
-def printd (msg):
- """
- prints the debug messages
- """
-
- #for debug
- #print msg
- return 0
-
- f= open(Config.MONITOR_LOG,'r+')
- f.seek(0, 2)
- f.write(str(msg)+"\n")
- f.close()
-
-def raisealert(severity, msg, process_name=None):
- """ Writes the alert message"""
-
- #timeStr=str(time.ctime())
- if process_name is not None:
- log = '['+severity +']'+" " + '['+process_name+']' + " " + msg +"\n"
- else:
- log = '['+severity+']' + " " + msg +"\n"
-
- logging.basicConfig(level=logging.INFO,filename='/var/log/routerServiceMonitor.log',format='%(asctime)s %(message)s')
- logging.info(log)
- msg = 'logger -t monit '+ log
- pout = Popen(msg, shell=True, stdout=PIPE)
-
-
-def isPidMatchPidFile(pidfile, pids):
- """ Compares the running process pid with the pid in pid file.
- If a process with multiple pids then it matches with pid file
- """
-
- if pids is None or isinstance(pids,list) != True or len(pids) == 0:
- printd ("Invalid Arguments")
- return StatusCodes.FAILED
- if not path.isfile(pidfile):
- #It seems there is no pid file for this service
- printd("The pid file "+pidfile+" is not there for this process")
- return StatusCodes.FAILED
-
- fd=None
- try:
- fd = open(pidfile,'r')
- except:
- printd("pid file: "+ pidfile +" open failed")
- return StatusCodes.FAILED
-
-
- inp = fd.read()
-
- if not inp:
- fd.close()
- return StatusCodes.FAILED
-
- printd("file content "+str(inp))
- printd(pids)
- tocheck_pid = inp.strip()
- for item in pids:
- if str(tocheck_pid) == item.strip():
- printd("pid file matched")
- fd.close()
- return StatusCodes.SUCCESS
-
- fd.close()
- return StatusCodes.FAILED
-
-def checkProcessRunningStatus(process_name, pidFile):
- printd("checking the process " + process_name)
- cmd = ''
- pids = []
- cmd = 'pidof ' + process_name
- printd(cmd)
-
- #cmd = 'service ' + process_name + ' status'
- pout = Popen(cmd, shell=True, stdout=PIPE)
- exitStatus = pout.wait()
- temp_out = pout.communicate()[0]
-
- #check there is only one pid or not
- if exitStatus == 0:
- pids = temp_out.split(' ')
- printd("pid(s) of process %s are %s " %(process_name, pids))
-
- #there is more than one process so match the pid file
- #if not matched set pidFileMatched=False
- printd("Checking pid file")
- if isPidMatchPidFile(pidFile, pids) == StatusCodes.SUCCESS:
- return True,pids
-
- printd("pid of exit status %s" %exitStatus)
-
- return False,pids
-
-def restartService(service_name):
-
- cmd = 'service ' + service_name + ' restart'
- cout = Popen(cmd, shell=True, stdout=PIPE, stderr=STDOUT)
- return_val = cout.wait()
-
- if return_val == 0:
- printd("The service " + service_name +" recovered successfully ")
- msg="The process " +service_name+" is recovered successfully "
- raisealert(Log.INFO,msg,service_name)
- return True
- else:
- printd("process restart failed ....")
-
- return False
-
-
-
-def checkProcessStatus( process ):
- """
- Check the process running status, if not running tries to restart
- """
- process_name = process.get('processname')
- service_name = process.get('servicename')
- pidfile = process.get('pidfile')
- #temp_out = None
- restartFailed=False
- pidFileMatched=False
- pids=''
- cmd=''
- if process_name is None:
- printd ("\n Invalid Process Name")
- return StatusCodes.INVALID_INP
-
- status, pids = checkProcessRunningStatus(process_name, pidfile)
-
- if status == True:
- printd("The process is running ....")
- return StatusCodes.RUNNING
- else:
- printd("Process %s is not running trying to recover" %process_name)
- #Retry the process state for few seconds
-
- for i in range(1, Config.RETRY_ITERATIONS):
- time.sleep(Config.SLEEP_SEC)
-
- if i < Config.RETRY_FOR_RESTART: # this is just for trying few more times
-
- status, pids = checkProcessRunningStatus(process_name, pidfile)
- if status == True:
- raisealert(Log.ALERT, "The process detected as running", process_name)
- break
- else:
- printd("Process %s is not running checking the status again..." %process_name)
- continue
- else:
- msg="The process " +process_name+" is not running trying recover "
- raisealert(Log.INFO,process_name,msg)
-
- if service_name == 'apache2':
- # Killing apache2 process with this the main service will not start
- for pid in pids:
- cmd = 'kill -9 '+pid
- printd(cmd)
- Popen(cmd, shell=True, stdout=PIPE, stderr=STDOUT)
-
- if restartService(service_name) == True:
- break
- else:
- restartFailed = True
- continue
- #for end here
-
- if restartFailed == True:
- msg="The process %s recover failed "%process_name
- raisealert(Log.ALERT,process_name,msg)
-
- printd("Restart failed after number of retries")
- return StatusCodes.STOPPED
-
- return StatusCodes.RUNNING
-
-
-def monitProcess( processes_info ):
- """
- Monitors the processes which got from the config file
- """
- if len( processes_info ) == 0:
- printd("Invalid Input")
- return StatusCodes.INVALID_INP
-
- dict_unmonit={}
- umonit_update={}
- unMonitPs=False
-
- if not path.isfile(Config.UNMONIT_PS_FILE):
- printd('Unmonit File not exist')
- else:
- #load the dictionary with unmonit process list
- dict_unmonit = loadPsFromUnMonitFile()
-
- #time for noting process down time
- csec = repr(time.time()).split('.')[0]
-
- for process,properties in processes_info.items():
- #skip the process it its time stamp less than Config.MONIT_AFTER_MINS
- printd ("checking the service %s \n" %process)
-
- if not is_emtpy(dict_unmonit):
- if dict_unmonit.has_key(process):
- ts = dict_unmonit[process]
-
- if checkPsTimeStampForMonitor (csec, ts, properties) == False:
- unMonitPs = True
- continue
-
- if checkProcessStatus( properties) != StatusCodes.RUNNING:
- printd( "\n Service %s is not Running"%process)
- #add this process into unmonit list
- printd ("updating the service for unmonit %s\n" %process)
- umonit_update[process]=csec
-
- #if dict is not empty write to file else delete it
- if not is_emtpy(umonit_update):
- writePsListToUnmonitFile(umonit_update)
- else:
- if is_emtpy(umonit_update) and unMonitPs == False:
- #delete file it is there
- removeFile(Config.UNMONIT_PS_FILE)
-
-
-def checkPsTimeStampForMonitor(csec,ts, process):
- printd("Time difference=%s" %str(int(csec) - int(ts)))
- tmin = (int(csec) - int(ts) )/60
-
- if ( int(csec) - int(ts) )/60 < Config.MONIT_AFTER_MINS:
- raisealert(Log.ALERT, "The %s get monitor after %s minutes " %(process, Config.MONIT_AFTER_MINS))
- printd('process will be monitored after %s min' %(str(int(Config.MONIT_AFTER_MINS) - tmin)))
- return False
-
- return True
-
-def removeFile(fileName):
- if path.isfile(fileName):
- printd("Removing the file %s" %fileName)
- os.remove(fileName)
-
-def loadPsFromUnMonitFile():
-
- dict_unmonit = {}
-
- try:
- fd = open(Config.UNMONIT_PS_FILE)
- except:
- printd("Failed to open file %s " %(Config.UNMONIT_PS_FILE))
- return StatusCodes.FAILED
-
- ps = fd.read()
-
- if not ps:
- printd("File %s content is empty " %Config.UNMONIT_PS_FILE)
- return StatusCodes.FAILED
-
- printd(ps)
- plist = ps.split(',')
- plist.remove('')
- for i in plist:
- dict_unmonit[i.split(':')[0]] = i.split(':')[1]
-
- fd.close()
-
- return dict_unmonit
-
-
-def writePsListToUnmonitFile(umonit_update):
- printd("Write updated unmonit list to file")
- line=''
- for i in umonit_update:
- line+=str(i)+":"+str(umonit_update[i])+','
- printd(line)
- try:
- fd=open(Config.UNMONIT_PS_FILE,'w')
- except:
- printd("Failed to open file %s " %Config.UNMONIT_PS_FILE)
- return StatusCodes.FAILED
-
- fd.write(line)
- fd.close()
-
-
-def is_emtpy(struct):
- """
- Checks wether the given struct is empty or not
- """
- if struct:
- return False
- else:
- return True
-
-def main():
- '''
- Step1 : Get Config
- '''
- printd("monitoring started")
- temp_dict = getConfig()
-
- '''
- Step2: Monitor and Raise Alert
- '''
- monitProcess( temp_dict )
-
-if __name__ == "__main__":
- main()
-
-
-
-
-
-
-
diff --git a/tools/vagrant/systemvm/scripts/root/reconfigLB.sh b/tools/vagrant/systemvm/scripts/root/reconfigLB.sh
deleted file mode 100755
index 70a29126db3..00000000000
--- a/tools/vagrant/systemvm/scripts/root/reconfigLB.sh
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-
-ret=0
-
-new_config=$1
-
-# save previous state
- mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.old
- mv /var/run/haproxy.pid /var/run/haproxy.pid.old
-
- mv $new_config /etc/haproxy/haproxy.cfg
- kill -TTOU $(cat /var/run/haproxy.pid.old)
- sleep 2
- if haproxy -D -p /var/run/haproxy.pid -f /etc/haproxy/haproxy.cfg; then
- logger -t cloud "New haproxy instance successfully loaded, stopping previous one."
- kill -KILL $(cat /var/run/haproxy.pid.old)
- rm -f /var/run/haproxy.pid.old
- ret=0
- else
- logger -t cloud "New instance failed to start, resuming previous one."
- kill -TTIN $(cat /var/run/haproxy.pid.old)
- rm -f /var/run/haproxy.pid
- mv /var/run/haproxy.pid.old /var/run/haproxy.pid
- mv /etc/haproxy/haproxy.cfg $new_config
- mv /etc/haproxy/haproxy.cfg.old /etc/haproxy/haproxy.cfg
- ret=1
- fi
-
-exit $ret
-
diff --git a/tools/vagrant/systemvm/scripts/root/redundant_router/arping_gateways.sh.templ b/tools/vagrant/systemvm/scripts/root/redundant_router/arping_gateways.sh.templ
deleted file mode 100755
index 931c95901c8..00000000000
--- a/tools/vagrant/systemvm/scripts/root/redundant_router/arping_gateways.sh.templ
+++ /dev/null
@@ -1,29 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-ip link|grep BROADCAST|grep -v eth0|grep -v eth1|cut -d ":" -f 2 > /tmp/iflist
-while read i
-do
- ip addr show $i|grep "inet " > /tmp/iplist_$i
- while read line
- do
- ip=`echo $line|cut -d " " -f 2|cut -d "/" -f 1`
- arping -I $i -A $ip -c 1 >> [RROUTER_LOG] 2>&1
- arping -I $i -A $ip -c 1 >> [RROUTER_LOG] 2>&1
- done < /tmp/iplist_$i
-done < /tmp/iflist
-sleep 1
diff --git a/tools/vagrant/systemvm/scripts/root/redundant_router/backup.sh.templ b/tools/vagrant/systemvm/scripts/root/redundant_router/backup.sh.templ
deleted file mode 100755
index 32c811b26d4..00000000000
--- a/tools/vagrant/systemvm/scripts/root/redundant_router/backup.sh.templ
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-sleep 1
-
-source /root/func.sh
-
-lock="biglock"
-locked=$(getLockFile $lock)
-if [ "$locked" != "1" ]
-then
- exit 1
-fi
-
-echo To backup called >> [RROUTER_LOG]
-[RROUTER_BIN_PATH]/disable_pubip.sh >> [RROUTER_LOG] 2>&1
-echo Disable public ip $? >> [RROUTER_LOG]
-[RROUTER_BIN_PATH]/services.sh stop >> [RROUTER_LOG] 2>&1
-[RROUTER_BIN_PATH]/primary-backup.sh backup >> [RROUTER_LOG] 2>&1
-echo Switch conntrackd mode backup $? >> [RROUTER_LOG]
-echo Status: BACKUP >> [RROUTER_LOG]
-
-releaseLockFile $lock $locked
-exit 0
diff --git a/tools/vagrant/systemvm/scripts/root/redundant_router/check_bumpup.sh b/tools/vagrant/systemvm/scripts/root/redundant_router/check_bumpup.sh
deleted file mode 100755
index 7682bad5f63..00000000000
--- a/tools/vagrant/systemvm/scripts/root/redundant_router/check_bumpup.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-cat /tmp/rrouter_bumped
diff --git a/tools/vagrant/systemvm/scripts/root/redundant_router/check_heartbeat.sh.templ b/tools/vagrant/systemvm/scripts/root/redundant_router/check_heartbeat.sh.templ
deleted file mode 100755
index d6bdc5d63e3..00000000000
--- a/tools/vagrant/systemvm/scripts/root/redundant_router/check_heartbeat.sh.templ
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-
-STRIKE_FILE="[RROUTER_BIN_PATH]/keepalived.strikes"
-
-if [ -e [RROUTER_BIN_PATH]/keepalived.ts2 ]
-then
- lasttime=$(cat [RROUTER_BIN_PATH]/keepalived.ts2)
- thistime=$(cat [RROUTER_BIN_PATH]/keepalived.ts)
- diff=$(($thistime - $lasttime))
- s=0
- if [ $diff -lt 30 ]
- then
- if [ -e $STRIKE_FILE ]
- then
- s=`cat $STRIKE_FILE 2>/dev/null`
- fi
- s=$(($s+1))
- echo $s > $STRIKE_FILE
- else
- rm $STRIKE_FILE
- fi
- #3 strikes rule
- if [ $s -gt 2 ]
- then
- echo Keepalived process is dead! >> [RROUTER_LOG]
- [RROUTER_BIN_PATH]/services.sh stop >> [RROUTER_LOG] 2>&1
- [RROUTER_BIN_PATH]/disable_pubip.sh >> [RROUTER_LOG] 2>&1
- [RROUTER_BIN_PATH]/primary-backup.sh fault >> [RROUTER_LOG] 2>&1
- service keepalived stop >> [RROUTER_LOG] 2>&1
- service conntrackd stop >> [RROUTER_LOG] 2>&1
- pkill -9 keepalived >> [RROUTER_LOG] 2>&1
- pkill -9 conntrackd >> [RROUTER_LOG] 2>&1
- echo Status: FAULT \(keepalived process is dead\) >> [RROUTER_LOG]
- exit
- fi
-fi
-
-cp [RROUTER_BIN_PATH]/keepalived.ts [RROUTER_BIN_PATH]/keepalived.ts2
diff --git a/tools/vagrant/systemvm/scripts/root/redundant_router/checkrouter.sh.templ b/tools/vagrant/systemvm/scripts/root/redundant_router/checkrouter.sh.templ
deleted file mode 100755
index fbf4f0f54d0..00000000000
--- a/tools/vagrant/systemvm/scripts/root/redundant_router/checkrouter.sh.templ
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-
-source /root/func.sh
-
-nolock=0
-if [ $# -eq 1 ]
-then
- if [ $1 == "--no-lock" ]
- then
- nolock=1
- fi
-fi
-
-if [ $nolock -eq 0 ]
-then
- lock="biglock"
- locked=$(getLockFile $lock)
- if [ "$locked" != "1" ]
- then
- exit 1
- fi
-fi
-
-bumped="Bumped: NO"
-if [ -e /tmp/rrouter_bumped ]
-then
- bumped="Bumped: YES"
-fi
-
-stat=`tail -n 1 [RROUTER_LOG] | grep "Status"`
-if [ $? -eq 0 ]
-then
- echo "$stat&$bumped"
-fi
-
-if [ $nolock -eq 0 ]
-then
- unlock_exit $? $lock $locked
-fi
diff --git a/tools/vagrant/systemvm/scripts/root/redundant_router/conntrackd.conf.templ b/tools/vagrant/systemvm/scripts/root/redundant_router/conntrackd.conf.templ
deleted file mode 100755
index 091de105625..00000000000
--- a/tools/vagrant/systemvm/scripts/root/redundant_router/conntrackd.conf.templ
+++ /dev/null
@@ -1,401 +0,0 @@
-#
-# Synchronizer settings
-#
-Sync {
- Mode FTFW {
- #
- # Size of the resend queue (in objects). This is the maximum
- # number of objects that can be stored waiting to be confirmed
- # via acknoledgment. If you keep this value low, the daemon
- # will have less chances to recover state-changes under message
- # omission. On the other hand, if you keep this value high,
- # the daemon will consume more memory to store dead objects.
- # Default is 131072 objects.
- #
- # ResendQueueSize 131072
-
- #
- # This parameter allows you to set an initial fixed timeout
- # for the committed entries when this node goes from backup
- # to primary. This mechanism provides a way to purge entries
- # that were not recovered appropriately after the specified
- # fixed timeout. If you set a low value, TCP entries in
- # Established states with no traffic may hang. For example,
- # an SSH connection without KeepAlive enabled. If not set,
- # the daemon uses an approximate timeout value calculation
- # mechanism. By default, this option is not set.
- #
- # CommitTimeout 180
-
- #
- # If the firewall replica goes from primary to backup,
- # the conntrackd -t command is invoked in the script.
- # This command schedules a flush of the table in N seconds.
- # This is useful to purge the connection tracking table of
- # zombie entries and avoid clashes with old entries if you
- # trigger several consecutive hand-overs. Default is 60 seconds.
- #
- # PurgeTimeout 60
-
- # Set the acknowledgement window size. If you decrease this
- # value, the number of acknowlegdments increases. More
- # acknowledgments means more overhead as conntrackd has to
- # handle more control messages. On the other hand, if you
- # increase this value, the resend queue gets more populated.
- # This results in more overhead in the queue releasing.
- # The following value is based on some practical experiments
- # measuring the cycles spent by the acknowledgment handling
- # with oprofile. If not set, default window size is 300.
- #
- # ACKWindowSize 300
-
- #
- # This clause allows you to disable the external cache. Thus,
- # the state entries are directly injected into the kernel
- # conntrack table. As a result, you save memory in user-space
- # but you consume slots in the kernel conntrack table for
- # backup state entries. Moreover, disabling the external cache
- # means more CPU consumption. You need a Linux kernel
- # >= 2.6.29 to use this feature. By default, this clause is
- # set off. If you are installing conntrackd for first time,
- # please read the user manual and I encourage you to consider
- # using the fail-over scripts instead of enabling this option!
- #
- # DisableExternalCache Off
- }
-
- #
- # Multicast IP and interface where messages are
- # broadcasted (dedicated link). IMPORTANT: Make sure
- # that iptables accepts traffic for destination
- # 225.0.0.50, eg:
- #
- # iptables -I INPUT -d 225.0.0.50 -j ACCEPT
- # iptables -I OUTPUT -d 225.0.0.50 -j ACCEPT
- #
- Multicast {
- #
- # Multicast address: The address that you use as destination
- # in the synchronization messages. You do not have to add
- # this IP to any of your existing interfaces. If any doubt,
- # do not modify this value.
- #
- IPv4_address 225.0.0.50
-
- #
- # The multicast group that identifies the cluster. If any
- # doubt, do not modify this value.
- #
- Group 3780
-
- #
- # IP address of the interface that you are going to use to
- # send the synchronization messages. Remember that you must
- # use a dedicated link for the synchronization messages.
- #
- IPv4_interface [LINK_IP]
-
- #
- # The name of the interface that you are going to use to
- # send the synchronization messages.
- #
- Interface [LINK_IF]
-
- # The multicast sender uses a buffer to enqueue the packets
- # that are going to be transmitted. The default size of this
- # socket buffer is available at /proc/sys/net/core/wmem_default.
- # This value determines the chances to have an overrun in the
- # sender queue. The overrun results packet loss, thus, losing
- # state information that would have to be retransmitted. If you
- # notice some packet loss, you may want to increase the size
- # of the sender buffer. The default size is usually around
- # ~100 KBytes which is fairly small for busy firewalls.
- #
- SndSocketBuffer 1249280
-
- # The multicast receiver uses a buffer to enqueue the packets
- # that the socket is pending to handle. The default size of this
- # socket buffer is available at /proc/sys/net/core/rmem_default.
- # This value determines the chances to have an overrun in the
- # receiver queue. The overrun results packet loss, thus, losing
- # state information that would have to be retransmitted. If you
- # notice some packet loss, you may want to increase the size of
- # the receiver buffer. The default size is usually around
- # ~100 KBytes which is fairly small for busy firewalls.
- #
- RcvSocketBuffer 1249280
-
- #
- # Enable/Disable message checksumming. This is a good
- # property to achieve fault-tolerance. In case of doubt, do
- # not modify this value.
- #
- Checksum on
- }
- #
- # You can specify more than one dedicated link. Thus, if one dedicated
- # link fails, conntrackd can fail-over to another. Note that adding
- # more than one dedicated link does not mean that state-updates will
- # be sent to all of them. There is only one active dedicated link at
- # a given moment. The `Default' keyword indicates that this interface
- # will be selected as the initial dedicated link. You can have
- # up to 4 redundant dedicated links. Note: Use different multicast
- # groups for every redundant link.
- #
- # Multicast Default {
- # IPv4_address 225.0.0.51
- # Group 3781
- # IPv4_interface 192.168.100.101
- # Interface eth3
- # # SndSocketBuffer 1249280
- # # RcvSocketBuffer 1249280
- # Checksum on
- # }
-
- #
- # You can use Unicast UDP instead of Multicast to propagate events.
- # Note that you cannot use unicast UDP and Multicast at the same
- # time, you can only select one.
- #
- # UDP {
- #
- # UDP address that this firewall uses to listen to events.
- #
- # IPv4_address 192.168.2.100
- #
- # or you may want to use an IPv6 address:
- #
- # IPv6_address fe80::215:58ff:fe28:5a27
-
- #
- # Destination UDP address that receives events, ie. the other
- # firewall's dedicated link address.
- #
- # IPv4_Destination_Address 192.168.2.101
- #
- # or you may want to use an IPv6 address:
- #
- # IPv6_Destination_Address fe80::2d0:59ff:fe2a:775c
-
- #
- # UDP port used
- #
- # Port 3780
-
- #
- # The name of the interface that you are going to use to
- # send the synchronization messages.
- #
- # Interface eth2
-
- #
- # The sender socket buffer size
- #
- # SndSocketBuffer 1249280
-
- #
- # The receiver socket buffer size
- #
- # RcvSocketBuffer 1249280
-
- #
- # Enable/Disable message checksumming.
- #
- # Checksum on
- # }
-
-}
-
-#
-# General settings
-#
-General {
- #
- # Set the nice value of the daemon, this value goes from -20
- # (most favorable scheduling) to 19 (least favorable). Using a
- # very low value reduces the chances to lose state-change events.
- # Default is 0 but this example file sets it to most favourable
- # scheduling as this is generally a good idea. See man nice(1) for
- # more information.
- #
- Nice -20
-
- #
- # Select a different scheduler for the daemon, you can select between
- # RR and FIFO and the process priority (minimum is 0, maximum is 99).
- # See man sched_setscheduler(2) for more information. Using a RT
- # scheduler reduces the chances to overrun the Netlink buffer.
- #
- # Scheduler {
- # Type FIFO
- # Priority 99
- # }
-
- #
- # Number of buckets in the cache hashtable. The bigger it is,
- # the closer it gets to O(1) at the cost of consuming more memory.
- # Read some documents about tuning hashtables for further reference.
- #
- HashSize 32768
-
- #
- # Maximum number of conntracks, it should be double of:
- # $ cat /proc/sys/net/netfilter/nf_conntrack_max
- # since the daemon may keep some dead entries cached for possible
- # retransmission during state synchronization.
- #
- HashLimit 131072
-
- #
- # Logfile: on (/var/log/conntrackd.log), off, or a filename
- # Default: off
- #
- LogFile on
-
- #
- # Syslog: on, off or a facility name (daemon (default) or local0..7)
- # Default: off
- #
- #Syslog on
-
- #
- # Lockfile
- #
- LockFile /var/lock/conntrack.lock
-
- #
- # Unix socket configuration
- #
- UNIX {
- Path /var/run/conntrackd.ctl
- Backlog 20
- }
-
- #
- # Netlink event socket buffer size. If you do not specify this clause,
- # the default buffer size value in /proc/net/core/rmem_default is
- # used. This default value is usually around 100 Kbytes which is
- # fairly small for busy firewalls. This leads to event message dropping
- # and high CPU consumption. This example configuration file sets the
- # size to 2 MBytes to avoid this sort of problems.
- #
- NetlinkBufferSize 2097152
-
- #
- # The daemon doubles the size of the netlink event socket buffer size
- # if it detects netlink event message dropping. This clause sets the
- # maximum buffer size growth that can be reached. This example file
- # sets the size to 8 MBytes.
- #
- NetlinkBufferSizeMaxGrowth 8388608
-
- #
- # If the daemon detects that Netlink is dropping state-change events,
- # it automatically schedules a resynchronization against the Kernel
- # after 30 seconds (default value). Resynchronizations are expensive
- # in terms of CPU consumption since the daemon has to get the full
- # kernel state-table and purge state-entries that do not exist anymore.
- # Be careful of setting a very small value here. You have the following
- # choices: On (enabled, use default 30 seconds value), Off (disabled)
- # or Value (in seconds, to set a specific amount of time). If not
- # specified, the daemon assumes that this option is enabled.
- #
- # NetlinkOverrunResync On
-
- #
- # If you want reliable event reporting over Netlink, set on this
- # option. If you set on this clause, it is a good idea to set off
- # NetlinkOverrunResync. This option is off by default and you need
- # a Linux kernel >= 2.6.31.
- #
- # NetlinkEventsReliable Off
-
- #
- # By default, the daemon receives state updates following an
- # event-driven model. You can modify this behaviour by switching to
- # polling mode with the PollSecs clause. This clause tells conntrackd
- # to dump the states in the kernel every N seconds. With regards to
- # synchronization mode, the polling mode can only guarantee that
- # long-lifetime states are recovered. The main advantage of this method
- # is the reduction in the state replication at the cost of reducing the
- # chances of recovering connections.
- #
- # PollSecs 15
-
- #
- # The daemon prioritizes the handling of state-change events coming
- # from the core. With this clause, you can set the maximum number of
- # state-change events (those coming from kernel-space) that the daemon
- # will handle after which it will handle other events coming from the
- # network or userspace. A low value improves interactivity (in terms of
- # real-time behaviour) at the cost of extra CPU consumption.
- # Default (if not set) is 100.
- #
- # EventIterationLimit 100
-
- #
- # Event filtering: This clause allows you to filter certain traffic,
- # There are currently three filter-sets: Protocol, Address and
- # State. The filter is attached to an action that can be: Accept or
- # Ignore. Thus, you can define the event filtering policy of the
- # filter-sets in positive or negative logic depending on your needs.
- # You can select if conntrackd filters the event messages from
- # user-space or kernel-space. The kernel-space event filtering
- # saves some CPU cycles by avoiding the copy of the event message
- # from kernel-space to user-space. The kernel-space event filtering
- # is prefered, however, you require a Linux kernel >= 2.6.29 to
- # filter from kernel-space. If you want to select kernel-space
- # event filtering, use the keyword 'Kernelspace' instead of
- # 'Userspace'.
- #
- Filter From Userspace {
- #
- # Accept only certain protocols: You may want to replicate
- # the state of flows depending on their layer 4 protocol.
- #
- Protocol Accept {
- TCP
- SCTP
- DCCP
- # UDP
- # ICMP # This requires a Linux kernel >= 2.6.31
- }
-
- #
- # Ignore traffic for a certain set of IP's: Usually all the
- # IP assigned to the firewall since local traffic must be
- # ignored, only forwarded connections are worth to replicate.
- # Note that these values depends on the local IPs that are
- # assigned to the firewall.
- #
- Address Ignore {
- IPv4_address 127.0.0.1 # loopback
- IPv4_address [IGNORE_IP1]
- IPv4_address [IGNORE_IP2]
- IPv4_address [IGNORE_IP3]
- #IPv4_address 192.168.0.100 # virtual IP 1
- #IPv4_address 192.168.1.100 # virtual IP 2
- #IPv4_address 192.168.0.1
- #IPv4_address 192.168.1.1
- #IPv4_address 192.168.100.100 # dedicated link ip
- #
- # You can also specify networks in format IP/cidr.
- # IPv4_address 192.168.0.0/24
- #
- # You can also specify an IPv6 address
- # IPv6_address ::1
- }
-
- #
- # Uncomment this line below if you want to filter by flow state.
- # This option introduces a trade-off in the replication: it
- # reduces CPU consumption at the cost of having lazy backup
- # firewall replicas. The existing TCP states are: SYN_SENT,
- # SYN_RECV, ESTABLISHED, FIN_WAIT, CLOSE_WAIT, LAST_ACK,
- # TIME_WAIT, CLOSED, LISTEN.
- #
- # State Accept {
- # ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP
- # }
- }
-}
diff --git a/tools/vagrant/systemvm/scripts/root/redundant_router/disable_pubip.sh b/tools/vagrant/systemvm/scripts/root/redundant_router/disable_pubip.sh
deleted file mode 100755
index ee4e894ba69..00000000000
--- a/tools/vagrant/systemvm/scripts/root/redundant_router/disable_pubip.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-ip link|grep BROADCAST|grep -v eth0|grep -v eth1|cut -d ":" -f 2 > /tmp/iflist
-while read i
-do
- ifconfig $i down
-done < /tmp/iflist
diff --git a/tools/vagrant/systemvm/scripts/root/redundant_router/enable_pubip.sh.templ b/tools/vagrant/systemvm/scripts/root/redundant_router/enable_pubip.sh.templ
deleted file mode 100755
index a59cd66220e..00000000000
--- a/tools/vagrant/systemvm/scripts/root/redundant_router/enable_pubip.sh.templ
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-ip link|grep BROADCAST|grep -v eth0|grep -v eth1|cut -d ":" -f 2 > /tmp/iflist
-ip addr show eth2 | grep "inet" 2>&1 > /dev/null
-is_init=$?
-
-set -e
-
-while read i
-do
- # if eth2'ip has already been configured, we would use ifconfig rather than ifdown/ifup
- if [ "$i" == "eth2" -a "$is_init" != "0" ]
- then
- ifdown $i
- ifup $i
- else
- ifconfig $i down
- ifconfig $i up
- fi
-done < /tmp/iflist
-ip route add default via [GATEWAY] dev eth2
-
-while read line
-do
-dev=$(echo $line | awk '{print $1'})
-gw=$(echo $line | awk '{print $2'})
-
-if [ "$dev" == "eth2" ]
-then
- continue;
-fi
-ip route add default via $gw table Table_$dev proto static
-
-done < /var/cache/cloud/ifaceGwIp
diff --git a/tools/vagrant/systemvm/scripts/root/redundant_router/fault.sh.templ b/tools/vagrant/systemvm/scripts/root/redundant_router/fault.sh.templ
deleted file mode 100755
index c008a9cb449..00000000000
--- a/tools/vagrant/systemvm/scripts/root/redundant_router/fault.sh.templ
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-source /root/func.sh
-
-lock="biglock"
-locked=$(getLockFile $lock)
-if [ "$locked" != "1" ]
-then
- exit 1
-fi
-
-echo To fault called >> [RROUTER_LOG]
-[RROUTER_BIN_PATH]/disable_pubip.sh >> [RROUTER_LOG] 2>&1
-echo Disable public ip >> [RROUTER_LOG]
-[RROUTER_BIN_PATH]/services.sh stop >> [RROUTER_LOG] 2>&1
-echo Stop services $? >> [RROUTER_LOG]
-[RROUTER_BIN_PATH]/primary-backup.sh fault >> [RROUTER_LOG] 2>&1
-echo Switch conntrackd mode fault $? >> [RROUTER_LOG]
-echo Status: FAULT >> [RROUTER_LOG]
-
-releaseLockFile $lock $locked
diff --git a/tools/vagrant/systemvm/scripts/root/redundant_router/heartbeat.sh.templ b/tools/vagrant/systemvm/scripts/root/redundant_router/heartbeat.sh.templ
deleted file mode 100755
index e064c1a2cf3..00000000000
--- a/tools/vagrant/systemvm/scripts/root/redundant_router/heartbeat.sh.templ
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-t=$(date +%s)
-echo $t > [RROUTER_BIN_PATH]/keepalived.ts
diff --git a/tools/vagrant/systemvm/scripts/root/redundant_router/keepalived.conf.templ b/tools/vagrant/systemvm/scripts/root/redundant_router/keepalived.conf.templ
deleted file mode 100755
index a4969a5b698..00000000000
--- a/tools/vagrant/systemvm/scripts/root/redundant_router/keepalived.conf.templ
+++ /dev/null
@@ -1,57 +0,0 @@
-! Licensed to the Apache Software Foundation (ASF) under one
-! or more contributor license agreements. See the NOTICE file
-! distributed with this work for additional information
-! regarding copyright ownership. The ASF licenses this file
-! to you under the Apache License, Version 2.0 (the
-! "License"); you may not use this file except in compliance
-! with the License. You may obtain a copy of the License at
-!
-! http://www.apache.org/licenses/LICENSE-2.0
-!
-! Unless required by applicable law or agreed to in writing,
-! software distributed under the License is distributed on an
-! "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-! KIND, either express or implied. See the License for the
-! specific language governing permissions and limitations
-! under the License.
-
-global_defs {
- router_id [ROUTER_ID]
-}
-
-vrrp_script check_bumpup {
- script "[RROUTER_BIN_PATH]/check_bumpup.sh"
- interval 5
- weight [DELTA]
-}
-
-vrrp_script heartbeat {
- script "[RROUTER_BIN_PATH]/heartbeat.sh"
- interval 10
-}
-
-vrrp_instance inside_network {
- state BACKUP
- interface eth0
- virtual_router_id 51
- priority [PRIORITY]
-
- advert_int 1
- authentication {
- auth_type PASS
- auth_pass WORD
- }
-
- virtual_ipaddress {
- [ROUTER_IP] brd [BOARDCAST] dev eth0
- }
-
- track_script {
- check_bumpup
- heartbeat
- }
-
- notify_master "[RROUTER_BIN_PATH]/master.sh"
- notify_backup "[RROUTER_BIN_PATH]/backup.sh"
- notify_fault "[RROUTER_BIN_PATH]/fault.sh"
-}
diff --git a/tools/vagrant/systemvm/scripts/root/redundant_router/master.sh.templ b/tools/vagrant/systemvm/scripts/root/redundant_router/master.sh.templ
deleted file mode 100755
index 11ca6284f65..00000000000
--- a/tools/vagrant/systemvm/scripts/root/redundant_router/master.sh.templ
+++ /dev/null
@@ -1,60 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-source /root/func.sh
-
-lock="biglock"
-locked=$(getLockFile $lock)
-if [ "$locked" != "1" ]
-then
- exit 1
-fi
-
-echo To master called >> [RROUTER_LOG]
-[RROUTER_BIN_PATH]/enable_pubip.sh >> [RROUTER_LOG] 2>&1
-ret=$?
-if [ $ret -eq 0 ]
-then
- [RROUTER_BIN_PATH]/services.sh restart >> [RROUTER_LOG] 2>&1
- ret=$?
-fi
-last_msg=`tail -n 1 [RROUTER_LOG]`
-echo Enable public ip returned $ret >> [RROUTER_LOG]
-if [ $ret -ne 0 ]
-then
- echo Fail to enable public ip! >> [RROUTER_LOG]
- [RROUTER_BIN_PATH]/disable_pubip.sh >> [RROUTER_LOG] 2>&1
- [RROUTER_BIN_PATH]/services.sh stop >> [RROUTER_LOG] 2>&1
- service keepalived stop >> [RROUTER_LOG] 2>&1
- service conntrackd stop >> [RROUTER_LOG] 2>&1
- echo Status: FAULT \($last_msg\) >> [RROUTER_LOG]
- releaseLockFile $lock $locked
- exit
-fi
-[RROUTER_BIN_PATH]/primary-backup.sh primary >> [RROUTER_LOG] 2>&1
-ret=$?
-echo Switch conntrackd mode primary returned $ret >> [RROUTER_LOG]
-if [ $ret -ne 0 ]
-then
- echo Fail to switch conntrackd mode, but try to continue working >> [RROUTER_LOG]
-fi
-[RROUTER_BIN_PATH]/arping_gateways.sh
-echo Status: MASTER >> [RROUTER_LOG]
-
-releaseLockFile $lock $locked
-exit 0
diff --git a/tools/vagrant/systemvm/scripts/root/redundant_router/primary-backup.sh.templ b/tools/vagrant/systemvm/scripts/root/redundant_router/primary-backup.sh.templ
deleted file mode 100755
index 4eb9eafe4fd..00000000000
--- a/tools/vagrant/systemvm/scripts/root/redundant_router/primary-backup.sh.templ
+++ /dev/null
@@ -1,126 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-CONNTRACKD_BIN=/usr/sbin/conntrackd
-CONNTRACKD_LOCK=/var/lock/conntrack.lock
-CONNTRACKD_CONFIG=/etc/conntrackd/conntrackd.conf
-CONNTRACKD_LOG=[RROUTER_LOG]
-
-case "$1" in
- primary)
- #
- # commit the external cache into the kernel table
- #
- $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -c
- if [ $? -eq 1 ]
- then
- logger "ERROR: failed to invoke conntrackd -c"
- fi
-
- #
- # flush the internal and the external caches
- #
- $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -f
- if [ $? -eq 1 ]
- then
- logger "ERROR: failed to invoke conntrackd -f"
- fi
-
- #
- # resynchronize my internal cache to the kernel table
- #
- $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -R
- if [ $? -eq 1 ]
- then
- logger "ERROR: failed to invoke conntrackd -R"
- fi
-
- #
- # send a bulk update to backups
- #
- $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -B
- if [ $? -eq 1 ]
- then
- logger "ERROR: failed to invoke conntrackd -B"
- fi
- echo Conntrackd switch to primary done >> $CONNTRACKD_LOG
- ;;
- backup)
- #
- # is conntrackd running? request some statistics to check it
- #
- $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -s
- if [ $? -eq 1 ]
- then
- #
- # something's wrong, do we have a lock file?
- #
- if [ -f $CONNTRACKD_LOCK ]
- then
- logger "WARNING: conntrackd was not cleanly stopped."
- logger "If you suspect that it has crashed:"
- logger "1) Enable coredumps"
- logger "2) Try to reproduce the problem"
- logger "3) Post the coredump to netfilter-devel@vger.kernel.org"
- rm -f $CONNTRACKD_LOCK
- fi
- $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -d
- if [ $? -eq 1 ]
- then
- logger "ERROR: cannot launch conntrackd"
- exit 1
- fi
- fi
- #
- # shorten kernel conntrack timers to remove the zombie entries.
- #
- $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -t
- if [ $? -eq 1 ]
- then
- logger "ERROR: failed to invoke conntrackd -t"
- fi
-
- #
- # request resynchronization with master firewall replica (if any)
- # Note: this does nothing in the alarm approach.
- #
- $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -n
- if [ $? -eq 1 ]
- then
- logger "ERROR: failed to invoke conntrackd -n"
- fi
- echo Conntrackd switch to backup done >> $CONNTRACKD_LOG
- ;;
- fault)
- #
- # shorten kernel conntrack timers to remove the zombie entries.
- #
- $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -t
- if [ $? -eq 1 ]
- then
- logger "ERROR: failed to invoke conntrackd -t"
- fi
- echo Conntrackd switch to fault done >> $CONNTRACKD_LOG
- ;;
- *)
- logger "conntrackd: ERROR: unknown state transition: " $1
- echo "Usage: primary-backup.sh {primary|backup|fault}"
- exit 1
- ;;
-esac
-
-exit 0
diff --git a/tools/vagrant/systemvm/scripts/root/redundant_router/services.sh b/tools/vagrant/systemvm/scripts/root/redundant_router/services.sh
deleted file mode 100755
index b7ebeed264c..00000000000
--- a/tools/vagrant/systemvm/scripts/root/redundant_router/services.sh
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-vpn_service() {
- ps aux|grep ipsec | grep -v grep > /dev/null
- no_vpn=$?
- if [ $no_vpn -eq 1 ]
- then
- return 0
- fi
- r=0
- case "$1" in
- stop)
- service ipsec stop && \
- service xl2tpd stop
- r=$?
- ;;
- restart)
- service ipsec restart && \
- service xl2tpd restart
- r=$?
- ;;
- esac
- return $r
-}
-
-ret=0
-case "$1" in
- start)
- vpn_service restart && \
- service cloud-passwd-srvr start && \
- service dnsmasq start
- ret=$?
- ;;
- stop)
- vpn_service stop && \
- service cloud-passwd-srvr stop && \
- service dnsmasq stop
- ret=$?
- ;;
- restart)
- vpn_service restart && \
- service cloud-passwd-srvr restart && \
- service dnsmasq restart
- ret=$?
- ;;
- *)
- echo "Usage: services {start|stop|restart}"
- exit 1
- ;;
-esac
-
-exit $ret
diff --git a/tools/vagrant/systemvm/scripts/usr/sbin/xe-daemon b/tools/vagrant/systemvm/scripts/usr/sbin/xe-daemon
deleted file mode 100755
index bc514d780b8..00000000000
--- a/tools/vagrant/systemvm/scripts/usr/sbin/xe-daemon
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/bash
-
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-LANG="C"
-export LANG
-
-usage() {
- echo "$0 [ -p ]" >&2
- exit 1
-}
-
-# Parse command line opts
-while [ $# -ne 0 ] ; do
- arg="$1"
- shift
- case "$arg" in
- "-p")
- [ $# -eq 0 ] && usage
- pidfile="$1"
- shift
- mkdir -p "$(dirname "$pidfile")"
- echo $$ > "$pidfile"
- ;;
- *)
- usage
- ;;
- esac
-done
-
-XE_UPDATE_GUEST_ATTRS=${XE_UPDATE_GUEST_ATTRS:-/usr/sbin/xe-update-guest-attrs}
-XE_DAEMON_RATE=${XE_DAEMON_RATE:-60} # run once a minute by default
-XE_MEMORY_UPDATE_DIVISOR=${XE_MEMORY_UPDATE_DIVISOR:-2} # update mem stats 1/2 as often by dflt
-
-# Delete xenstore cache following each reboot
-rm -rf /var/cache/xenstore
-
-MEMORY_UPDATE_COUNTER=0
-while true ; do
- if [ ${MEMORY_UPDATE_COUNTER} -eq 0 ] ; then
- MEMORY=--memory
- MEMORY_UPDATE_COUNTER=${XE_MEMORY_UPDATE_DIVISOR}
- else
- MEMORY=
- fi
- MEMORY_UPDATE_COUNTER=$((${MEMORY_UPDATE_COUNTER} - 1))
- ${XE_UPDATE_GUEST_ATTRS} ${MEMORY}
-
- sleep ${XE_DAEMON_RATE}
-done
diff --git a/tools/vagrant/systemvm/scripts/usr/sbin/xe-linux-distribution b/tools/vagrant/systemvm/scripts/usr/sbin/xe-linux-distribution
deleted file mode 100755
index 774f1c75859..00000000000
--- a/tools/vagrant/systemvm/scripts/usr/sbin/xe-linux-distribution
+++ /dev/null
@@ -1,267 +0,0 @@
-#! /bin/sh
-
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-# Script to write information about the current distribution to stdout or a file.
-# Information collected:
-# - Distribution name
-# - Distribution version (major and minor)
-# - Kernel version (uname)
-
-LANG="C"
-export LANG
-
-
-write_to_output()
-{
- local distro="$1"
- local major="$2"
- local minor="$3"
- local name="$4"
- local uname=$(uname -r)
-
- if [ -n "${TEST_RESULT}" ] ; then
- MAJOR=$major
- MINOR=$minor
- DISTRO=$distro
- UNAME=$uname
- return 0
- fi
-
- echo "os_distro=\"${distro}\""
- echo "os_majorver=\"${major}\""
- echo "os_minorver=\"${minor}\""
- echo "os_uname=\"${uname}\""
- echo "os_name=\"${name}\""
-
- return 0
-}
-
-identify_debian()
-{
- local debian_version="$1"
- local major
- local minor
-
- # 3.1
- # 4.0
- # Ignores testing and unstable which contain ".*/sid".
-
- if [ ! -f "${debian_version}" ] ; then
- return 1
- fi
-
- eval $(awk -F. '/^[0-9]*\.[0-9]*/ \
- { print "major="$1 ; print "minor="$2 ; exit 0 }' \
- "${debian_version}")
-
- if [ -z "${major}" ] && [ -z "${minor}" ] && ! grep -q /sid "${debian_version}" ; then
- return 1
- fi
-
- write_to_output "debian" "${major}" "${minor}" "Debian $(head -n 1 $debian_version)"
-
- return 0
-}
-
-identify_redhat()
-{
- redhat_release="$1"
- local distro
- local major
- local minor
- local beta
-
- # distro=rhel
- # Red Hat Enterprise Linux AS release 3 (Taroon Update 6)
- # Red Hat Enterprise Linux AS release 3 (Taroon Update 8)
- # Red Hat Enterprise Linux AS release 4 (Nahant)
- # Red Hat Enterprise Linux AS release 4 (Nahant Update 1)
- # Red Hat Enterprise Linux AS release 4 (Nahant Update 2)
- # Red Hat Enterprise Linux AS release 4 (Nahant Update 3)
- # Red Hat Enterprise Linux AS release 4 (Nahant Update 4)
- # Red Hat Enterprise Linux Server release 4.92 (Tikanga)
- # Red Hat Enterprise Linux Server release 5 (Tikanga)
- # Red Hat Enterprise Linux Server release 5.1 Beta (Tikanga)
-
- # distro=xe-ddk
- # \@PRODUCT_BRAND\@ DDK release \@PRODUCT_VERSION\@-\@BUILD_NUMBER\@ (\@PRODUCT_NAME\@)
- # Rio DDK release 0.5.6-2991c (xenenterprise)
-
- # distro=xe-sdk
- # \@PRODUCT_BRAND\@ SDK release \@PRODUCT_VERSION\@-\@BUILD_NUMBER\@ (\@PRODUCT_NAME\@)
- # Rio SDK release 0.5.6-2991c (xenenterprise)
-
- # distro=fedora
- # Fedora Core release 3 (Heidelberg)
-
- # distro=centos
- # CentOS release 4.0 (Final)
- # CentOS release 5 (Final)
-
- # distro=oracle
- # Enterprise Linux Enterprise Linux Server release 5 (Carthage)
-
- if [ ! -f "${redhat_release}" ] ; then
- return 1
- fi
-
- eval $(sed -n \
- -e 's/^\(.*\) DDK release \(.*\)-\(.*\) (.*)$/distro=xe-ddk;major=\2;minor=\3/gp;' \
- -e 's/^\(.*\) SDK release \(.*\)-\(.*\) (.*)$/distro=xe-sdk;major=\2;minor=\3/gp;' \
- -e 's/^Red Hat Enterprise Linux .* release \([0-9]*\) (.* Update \(.*\))$/distro=rhel;major=\1;minor=\2/gp;'\
- -e 's/^Red Hat Enterprise Linux .* release \([0-9]*\) (.*)$/distro=rhel;major=\1/gp;' \
- -e 's/^Red Hat Enterprise Linux .* release \([0-9]*\)\.\([0-9]*\) \([Bb]eta \)\?(.*)$/distro=rhel;major=\1;minor=\2;beta=\3;/gp;' \
- -e 's/^Fedora.*release \([0-9]*\) (.*)$/distro=fedora;major=\1/gp;' \
- -e 's/^CentOS release \([0-9]*\)\.\([0-9]*\) (.*)/distro=centos;major=\1;minor=\2/gp;' \
- -e 's/^CentOS release \([0-9]*\) (.*)/distro=centos;major=\1/gp;' \
- -e 's/^Enterprise Linux Enterprise Linux .* release \([0-9]*\)\.\([0-9]*\) (.*)$/distro=oracle;major=\1;minor=\2;/gp;' \
- -e 's/^Enterprise Linux Enterprise Linux .* release \([0-9]*\) (.*)$/distro=oracle;major=\1/gp;' \
- "${redhat_release}")
-
- if [ -z "${major}" -o -z "${distro}" ] ; then
- return 1
- fi
-
- if [ -z "${minor}" ] ; then
- minor=0
- fi
-
- # HACK to handle RHEL betas
- if [ "${distro}" == "rhel" ] && [ ${minor} -gt 90 ] ; then
- major=$(expr ${major} + 1 )
- minor=0
- beta=Beta
- fi
-
- if [ -n "${beta}" ] ; then
- minor="${minor}beta"
- fi
-
- write_to_output "${distro}" "${major}" "${minor}" "$(head -n 1 ${redhat_release})"
-
-}
-
-identify_sles()
-{
- suse_release="$1"
- local major
- local minor
- local _major
-
- # SUSE LINUX Enterprise Server 9 (i586)
- # VERSION = 9
- #
- # SUSE LINUX Enterprise Server 9 (i586)
- # VERSION = 9
- # PATCHLEVEL = 2
- #
- # SUSE LINUX Enterprise Server 9 (i586)
- # VERSION = 9
- # PATCHLEVEL = 3
- #
- # SUSE Linux Enterprise Server 10 (i586)
- # VERSION = 10
- #
- # SUSE Linux Enterprise Server 10 (i586)
- # VERSION = 10
- # PATCHLEVEL = 1
- #
- # SUSE Linux Enterprise Server 11 (i586)
- # VERSION = 11
- # PATCHLEVEL = 0
-
- if [ ! -f "${suse_release}" ] ; then
- return 1
- fi
-
- eval $(sed -n \
- -e 's/^SUSE L\(inux\|INUX\) Enterprise Server \([0-9]*\) (.*)/_major=\2;/gp;' \
- -e 's/^VERSION = \([0-9]*\)$/major=\1;/gp;' \
- -e 's/^PATCHLEVEL = \([0-9]*\)$/minor=\1;/gp;' \
- "${suse_release}")
-
- if [ -z "${major}" -o -z "${_major}" ] ; then
- return 1
- fi
-
- if [ "${major}" != "${_major}" ] ; then
- return 1
- fi
-
- if [ -z "${minor}" ] ; then
- minor=0
- fi
-
- write_to_output "sles" "${major}" "${minor}" "$(head -n 1 ${suse_release})"
-
-}
-
-identify_lsb()
-{
- lsb_release="$1"
-
- if [ ! -x "${lsb_release}" ] ; then
- saved_IFS=$IFS
- IFS=:
- for i in $PATH ; do
- if [ -x "${i}/${lsb_release}" ] ; then
- lsb_release="${i}/${lsb_release}"
- break
- fi
- done
- IFS=$saved_IFS
- fi
-
- if [ ! -x "${lsb_release}" ] ; then
- return 1
- fi
-
- distro=$(${lsb_release} --short --id | tr 'A-Z' 'a-z')
- description=$(${lsb_release} --short --description | sed -e 's/^"\(.*\)"$/\1/g')
- release=$(${lsb_release} --short --release)
-
- if [ -z "${distro}" -o -z "${release}" ] ; then
- return 1
- fi
-
- eval $(echo $release | awk -F. -- '{ print "major=" $1 ; print "minor=" $2 }')
-
- if [ -z "${major}" -o -z "${distro}" ] ; then
- return 1
- fi
-
- write_to_output "${distro}" "${major}" "${minor}" "${description}"
-}
-
-if [ $# -eq 1 ] ; then
- exec 1>"$1"
-fi
-
-if [ -z "${TEST}" ] ; then
- identify_redhat /etc/redhat-release && exit 0
- identify_sles /etc/SuSE-release && exit 0
- identify_lsb lsb_release && exit 0
- identify_debian /etc/debian_version && exit 0
-
- if [ $# -eq 1 ] ; then
- rm -f "$1"
- fi
-
- exit 1
-fi
diff --git a/tools/vagrant/systemvm/scripts/usr/sbin/xe-update-guest-attrs b/tools/vagrant/systemvm/scripts/usr/sbin/xe-update-guest-attrs
deleted file mode 100755
index 6c605be420b..00000000000
--- a/tools/vagrant/systemvm/scripts/usr/sbin/xe-update-guest-attrs
+++ /dev/null
@@ -1,226 +0,0 @@
-#!/bin/sh
-
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-# Script to write information about the guest to XenStore.
-#
-# Information collected (if --memory NOT passed in):
-# - Distribution name
-# - Distribution version (major and minor)
-# - Kernel version (uname)
-# - IP address for each Ethernet interface
-#
-# Information collected (if --memory IS passed in):
-# - memtotal
-# - memfree
-#
-# Memory stats are separated out because they change all the time
-# and so we may not want to update them as frequently
-
-LANG="C"
-export LANG
-
-
-XE_LINUX_DISTRIBUTION_CACHE=/var/cache/xe-linux-distribution
-
-IPADDR_RE="\([[:digit:]]\{1,3\}\.\)\{3\}[[:digit:]]\{1,3\}"
-
-export PATH=/usr/sbin:/usr/bin:/sbin:/bin
-XENSTORE=${XENSTORE:-xenstore}
-
-XENSTORE_UPDATED=0
-
-# parse command line opts
-
-MEMORY_MODE=0 # do not update memory stats
-while [ $# -ge 1 ] ; do
- if [ "$1" = "--memory" ] ; then
- MEMORY_MODE=1 # update only memory stats
- fi
- shift
-done
-
-xenstore_write_cached() {
- key="$1" newval="$2"
- cache=/var/cache/xenstore/$key
- if [ -f $cache ] ; then
- # cache exists
- oldval=$(cat "$cache")
- if [ "$oldval" = "$newval" ] ; then
- # value unchanged
- return 0
- fi
- else
- # cache does not exist
- if [ -e $cache ] ; then
- # something (directory?) in its way
- rm -rf $cache
- fi
- fi
-
- # try to write and update cache if successfull
- if $XENSTORE-write "$key" "$newval" ; then
- mkdir -p $(dirname "$cache")
- echo -n "$newval" > "$cache"
- XENSTORE_UPDATED=1
- return 0
- fi
- return 1
-}
-
-# If we detect a domain change then delete our cache and force a refresh
-domid=$(xenstore-read "domid")
-cache=/var/cache/xenstore/unique-domain-id
-newval=$(xenstore-read "/local/domain/${domid}/unique-domain-id")
-if [ -e $cache ]; then
- oldval=$(cat "$cache")
- if [ "$oldval" != "$newval" ]; then
- # domain changed
- rm -rf /var/cache/xenstore
- fi
-fi
-mkdir -p $(dirname "$cache")
-echo -n "$newval" > "$cache"
-
-xenstore_rm_cached() {
- key="$1"
- cache=/var/cache/xenstore/$key
- if [ ! -e $cache ] ; then
- return 1
- fi
- # try to write and update cache if successfull
- if $XENSTORE-rm "$key" ; then
- rm -rf "$cache"
- XENSTORE_UPDATED=1
- return 0
- fi
- return 1
-}
-
-xenstore_list_interfaces_cached() {
- topdir=/var/cache/xenstore/attr
- if [ -d $topdir ] ; then
- cd $topdir
- for dir in * ; do
- [ -f $dir/ip ] && echo $dir
- done
- fi
-}
-
-if [ $MEMORY_MODE -eq 1 ] ; then
- # Update the memory information
- eval $(cat /proc/meminfo | \
- sed -n -e 's/MemTotal\: *\([0-9]*\)[^$]*/memtotal=\1/gp;' \
- -e 's/MemFree\: *\([0-9]*\)[^$]*/memfree=\1/gp;')
-
- xenstore_write_cached "data/meminfo_total" "${memtotal}"
- xenstore_write_cached "data/meminfo_free" "${memfree}"
-fi
-
-
-
-# e.g.
-# $ ip addr show
-# 1: lo: mtu 16436 qdisc noqueue
-# link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
-# inet 127.0.0.1/8 scope host lo
-# inet6 ::1/128 scope host
-# valid_lft forever preferred_lft forever
-# 2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000
-# link/ether 00:13:20:95:e8:74 brd ff:ff:ff:ff:ff:ff
-# inet 172.31.0.57/20 brd 172.31.15.255 scope global eth0
-# inet6 fe80::213:20ff:fe95:e874/64 scope link
-# valid_lft forever preferred_lft forever
-# 3: sit0: mtu 1480 qdisc noop
-# link/sit 0.0.0.0 brd 0.0.0.0
-
-#eval $(ip addr show | \
-# sed -n -e 's/^[[:digit:]]*: \([a-z0-9]*\): .*/ifs="\$ifs \1"; current="\1"; /gp;' \
-# -e 's/^[[:space:]]\{4\}inet \('${IPADDR_RE}'\)\/.*/eval inet_\${current}="\1"; /gp;')
-
-# e.g.
-# eth0 Link encap:Ethernet HWaddr 00:13:20:95:E8:74
-# inet addr:172.31.0.57 Bcast:172.31.15.255 Mask:255.255.240.0
-# inet6 addr: fe80::213:20ff:fe95:e874/64 Scope:Link
-# UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
-# RX packets:98001128 errors:0 dropped:0 overruns:0 frame:0
-# TX packets:87728920 errors:0 dropped:0 overruns:0 carrier:0
-# collisions:0 txqueuelen:1000
-# RX bytes:35864034092 (33.4 GiB) TX bytes:27544025180 (25.6 GiB)
-# Interrupt:177
-#
-# lo Link encap:Local Loopback
-# inet addr:127.0.0.1 Mask:255.0.0.0
-# inet6 addr: ::1/128 Scope:Host
-# UP LOOPBACK RUNNING MTU:16436 Metric:1
-# RX packets:32928 errors:0 dropped:0 overruns:0 frame:0
-# TX packets:32928 errors:0 dropped:0 overruns:0 carrier:0
-# collisions:0 txqueuelen:0
-# RX bytes:3604609 (3.4 MiB) TX bytes:3604609 (3.4 MiB)
-
-eval $(/sbin/ifconfig | \
- sed -n -e '/^[0-9a-z][0-9a-z]*\:/,/^$/d' \
- -e 's/^\([0-9a-z][0-9a-z]*\) .*/ifs="\$ifs \1"; current="\1"; /gp;' \
- -e 's/ *inet addr:\('$IPADDR_RE'\) .*/eval inet_\${current}="\1"; /gp;')
-
-# network
-for if in $ifs ; do
-
- [ "${if}" = "lo" ] && continue
- inet=$(eval echo \${inet_${if}})
- [ -z "${inet}" ] && continue
-
- xenstore_write_cached "attr/${if}/ip" "${inet}"
-done
-
-# remove any interfaces that have been unplugged or downed
-for at in $(xenstore_list_interfaces_cached) ; do
- for if in $ifs ; do
- [ "${if}" = "${at}" ] && continue 2
- done
- xenstore_rm_cached "attr/${at}"
-done
-
-# distro
-if [ -f ${XE_LINUX_DISTRIBUTION_CACHE} ] ; then
- . ${XE_LINUX_DISTRIBUTION_CACHE}
- for key in os_name os_majorver os_minorver os_uname os_distro ; do
- new=$(eval echo \${${key}})
- [ -n "${new}" ] || continue
- xenstore_write_cached "data/${key}" "${new}"
- done
-fi
-
-# whether I support ballooning or not
-xenstore_write_cached "control/feature-balloon" "1"
-
-# whether I support ballooning or not
-xenstore_write_cached "control/feature-balloon" "1"
-
-# build time addons
-xenstore_write_cached "attr/PVAddons/MajorVersion" "5"
-xenstore_write_cached "attr/PVAddons/MinorVersion" "6"
-xenstore_write_cached "attr/PVAddons/MicroVersion" "0"
-xenstore_write_cached "attr/PVAddons/BuildVersion" "31188"
-xenstore_write_cached "attr/PVAddons/Installed" "1"
-
-# update xenstore if necc
-if [ $XENSTORE_UPDATED -eq 1 ] ; then
- xenstore_write_cached "data/updated" "$(date)"
-fi
-