diff --git a/build.xml b/build.xml
index f03c94b4734..bf633f6cdf8 100755
--- a/build.xml
+++ b/build.xml
@@ -10,69 +10,32 @@
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
-
-
diff --git a/build/build-cloud.xml b/build/build-cloud.xml
index fde4bb491f6..848af06df1e 100755
--- a/build/build-cloud.xml
+++ b/build/build-cloud.xml
@@ -7,6 +7,7 @@
@@ -60,7 +61,9 @@
-
+
+
+
@@ -98,12 +101,13 @@
-
+
+
@@ -134,7 +138,7 @@
-
+
@@ -173,7 +177,7 @@
-
+
@@ -220,7 +224,6 @@
-
@@ -234,11 +237,15 @@
-
+
+
+
+
+
@@ -249,24 +256,40 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -281,12 +304,12 @@
-
+
-
-
-
-
+
+
+
+
@@ -320,7 +343,7 @@
-
+
@@ -367,10 +390,6 @@
-
-
-
-
@@ -494,21 +513,19 @@
-
-
-
+
+
+
+
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
@@ -526,7 +543,7 @@
-
+
@@ -538,9 +555,9 @@
-
-
-
+
+
+
diff --git a/build/build-common.xml b/build/build-common.xml
index ae2f814f1bd..2131093314e 100755
--- a/build/build-common.xml
+++ b/build/build-common.xml
@@ -44,6 +44,7 @@
+
diff --git a/build/package.xml b/build/package.xml
index 2476eea3bbe..ec0cc82077b 100755
--- a/build/package.xml
+++ b/build/package.xml
@@ -23,7 +23,6 @@
-
@@ -92,9 +91,9 @@
-
+
-
+
@@ -103,6 +102,19 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -123,7 +135,7 @@
-
+
@@ -135,7 +147,7 @@
-
+
@@ -236,7 +248,8 @@
-
+
+
diff --git a/client/WEB-INF/classes/resources/resource.properties b/client/WEB-INF/classes/resources/resource.properties
new file mode 100644
index 00000000000..0310e1c3f06
--- /dev/null
+++ b/client/WEB-INF/classes/resources/resource.properties
@@ -0,0 +1 @@
+Details = Details
diff --git a/client/WEB-INF/classes/resources/resource_zh.properties b/client/WEB-INF/classes/resources/resource_zh.properties
new file mode 100644
index 00000000000..307334f028f
--- /dev/null
+++ b/client/WEB-INF/classes/resources/resource_zh.properties
@@ -0,0 +1,14 @@
+Details = 詳述
+Volume = 容積
+Statistics = 統計
+Zone = 區域
+Template = 模板
+Service = 服務
+HA = 高的可用性
+Created = 產生日期
+Account = 帳戶
+Domain = 領土
+Host = 主機
+ISO = 空白模板
+
+
diff --git a/patches/systemvm/etc/dnsmasq.conf b/patches/systemvm/etc/dnsmasq.conf
new file mode 100755
index 00000000000..234bcdaed5d
--- /dev/null
+++ b/patches/systemvm/etc/dnsmasq.conf
@@ -0,0 +1,463 @@
+# Configuration file for dnsmasq.
+#
+# Format is one option per line, legal options are the same
+# as the long options legal on the command line. See
+# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
+# @VERSION@
+
+# The following two options make you a better netizen, since they
+# tell dnsmasq to filter out queries which the public DNS cannot
+# answer, and which load the servers (especially the root servers)
+# uneccessarily. If you have a dial-on-demand link they also stop
+# these requests from bringing up the link uneccessarily.
+
+# Never forward plain names (without a dot or domain part)
+domain-needed
+# Never forward addresses in the non-routed address spaces.
+bogus-priv
+
+
+# Uncomment this to filter useless windows-originated DNS requests
+# which can trigger dial-on-demand links needlessly.
+# Note that (amongst other things) this blocks all SRV requests,
+# so don't use it if you use eg Kerberos.
+# This option only affects forwarding, SRV records originating for
+# dnsmasq (via srv-host= lines) are not suppressed by it.
+#filterwin2k
+
+# Change this line if you want dns to get its upstream servers from
+# somewhere other that /etc/resolv.conf
+resolv-file=/etc/dnsmasq-resolv.conf
+
+# By default, dnsmasq will send queries to any of the upstream
+# servers it knows about and tries to favour servers to are known
+# to be up. Uncommenting this forces dnsmasq to try each query
+# with each server strictly in the order they appear in
+# /etc/resolv.conf
+#strict-order
+
+# If you don't want dnsmasq to read /etc/resolv.conf or any other
+# file, getting its servers from this file instead (see below), then
+# uncomment this.
+#no-resolv
+
+# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
+# files for changes and re-read them then uncomment this.
+#no-poll
+
+# Add other name servers here, with domain specs if they are for
+# non-public domains.
+#server=/localnet/192.168.0.1
+
+# Example of routing PTR queries to nameservers: this will send all
+# address->name queries for 192.168.3/24 to nameserver 10.1.2.3
+#server=/3.168.192.in-addr.arpa/10.1.2.3
+
+# Add local-only domains here, queries in these domains are answered
+# from /etc/hosts or DHCP only.
+#local=/localnet/
+
+# Add domains which you want to force to an IP address here.
+# The example below send any host in doubleclick.net to a local
+# webserver.
+#address=/doubleclick.net/127.0.0.1
+
+# If you want dnsmasq to change uid and gid to something other
+# than the default, edit the following lines.
+#user=
+#group=
+
+# If you want dnsmasq to listen for DHCP and DNS requests only on
+# specified interfaces (and the loopback) give the name of the
+# interface (eg eth0) here.
+# Repeat the line for more than one interface.
+interface=eth0
+# Or you can specify which interface _not_ to listen on
+except-interface=eth1
+except-interface=eth2
+# Or which to listen on by address (remember to include 127.0.0.1 if
+# you use this.)
+#listen-address=
+# If you want dnsmasq to provide only DNS service on an interface,
+# configure it as shown above, and then use the following line to
+# disable DHCP on it.
+no-dhcp-interface=eth1
+no-dhcp-interface=eth2
+
+# On systems which support it, dnsmasq binds the wildcard address,
+# even when it is listening on only some interfaces. It then discards
+# requests that it shouldn't reply to. This has the advantage of
+# working even when interfaces come and go and change address. If you
+# want dnsmasq to really bind only the interfaces it is listening on,
+# uncomment this option. About the only time you may need this is when
+# running another nameserver on the same machine.
+bind-interfaces
+
+# If you don't want dnsmasq to read /etc/hosts, uncomment the
+# following line.
+#no-hosts
+# or if you want it to read another file, as well as /etc/hosts, use
+# this.
+#addn-hosts=/etc/banner_add_hosts
+
+# Set this (and domain: see below) if you want to have a domain
+# automatically added to simple names in a hosts-file.
+expand-hosts
+
+# Set the domain for dnsmasq. this is optional, but if it is set, it
+# does the following things.
+# 1) Allows DHCP hosts to have fully qualified domain names, as long
+# as the domain part matches this setting.
+# 2) Sets the "domain" DHCP option thereby potentially setting the
+# domain of all systems configured by DHCP
+# 3) Provides the domain part for "expand-hosts"
+#domain=foo.com
+
+# Uncomment this to enable the integrated DHCP server, you need
+# to supply the range of addresses available for lease and optionally
+# a lease time. If you have more than one network, you will need to
+# repeat this for each network on which you want to supply DHCP
+# service.
+dhcp-range=10.0.0.1,static
+#dhcp-range=10.0.0.1,10.255.255.255
+dhcp-hostsfile=/etc/dhcphosts.txt
+
+# This is an example of a DHCP range where the netmask is given. This
+# is needed for networks we reach the dnsmasq DHCP server via a relay
+# agent. If you don't know what a DHCP relay agent is, you probably
+# don't need to worry about this.
+#dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
+
+# This is an example of a DHCP range with a network-id, so that
+# some DHCP options may be set only for this network.
+#dhcp-range=red,192.168.0.50,192.168.0.150
+
+# Supply parameters for specified hosts using DHCP. There are lots
+# of valid alternatives, so we will give examples of each. Note that
+# IP addresses DO NOT have to be in the range given above, they just
+# need to be on the same network. The order of the parameters in these
+# do not matter, it's permissble to give name,adddress and MAC in any order
+
+# Always allocate the host with ethernet address 11:22:33:44:55:66
+# The IP address 192.168.0.60
+#dhcp-host=11:22:33:44:55:66,192.168.0.60
+
+# Always set the name of the host with hardware address
+# 11:22:33:44:55:66 to be "fred"
+#dhcp-host=11:22:33:44:55:66,fred
+
+# Always give the host with ethernet address 11:22:33:44:55:66
+# the name fred and IP address 192.168.0.60 and lease time 45 minutes
+#dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
+
+# Give the machine which says it's name is "bert" IP address
+# 192.168.0.70 and an infinite lease
+#dhcp-host=bert,192.168.0.70,infinite
+
+# Always give the host with client identifier 01:02:02:04
+# the IP address 192.168.0.60
+#dhcp-host=id:01:02:02:04,192.168.0.60
+
+# Always give the host with client identifier "marjorie"
+# the IP address 192.168.0.60
+#dhcp-host=id:marjorie,192.168.0.60
+
+# Enable the address given for "judge" in /etc/hosts
+# to be given to a machine presenting the name "judge" when
+# it asks for a DHCP lease.
+#dhcp-host=judge
+
+# Never offer DHCP service to a machine whose ethernet
+# address is 11:22:33:44:55:66
+#dhcp-host=11:22:33:44:55:66,ignore
+
+# Ignore any client-id presented by the machine with ethernet
+# address 11:22:33:44:55:66. This is useful to prevent a machine
+# being treated differently when running under different OS's or
+# between PXE boot and OS boot.
+#dhcp-host=11:22:33:44:55:66,id:*
+
+# Send extra options which are tagged as "red" to
+# the machine with ethernet address 11:22:33:44:55:66
+#dhcp-host=11:22:33:44:55:66,net:red
+
+# Send extra options which are tagged as "red" to
+# any machine with ethernet address starting 11:22:33:
+#dhcp-host=11:22:33:*:*:*,net:red
+
+# Ignore any clients which are specified in dhcp-host lines
+# or /etc/ethers. Equivalent to ISC "deny unkown-clients".
+# This relies on the special "known" tag which is set when
+# a host is matched.
+#dhcp-ignore=#known
+
+# Send extra options which are tagged as "red" to any machine whose
+# DHCP vendorclass string includes the substring "Linux"
+#dhcp-vendorclass=red,Linux
+
+# Send extra options which are tagged as "red" to any machine one
+# of whose DHCP userclass strings includes the substring "accounts"
+#dhcp-userclass=red,accounts
+
+# Send extra options which are tagged as "red" to any machine whose
+# MAC address matches the pattern.
+#dhcp-mac=red,00:60:8C:*:*:*
+
+# If this line is uncommented, dnsmasq will read /etc/ethers and act
+# on the ethernet-address/IP pairs found there just as if they had
+# been given as --dhcp-host options. Useful if you keep
+# MAC-address/host mappings there for other purposes.
+#read-ethers
+
+# Send options to hosts which ask for a DHCP lease.
+# See RFC 2132 for details of available options.
+# Common options can be given to dnsmasq by name:
+# run "dnsmasq --help dhcp" to get a list.
+# Note that all the common settings, such as netmask and
+# broadcast address, DNS server and default route, are given
+# sane defaults by dnsmasq. You very likely will not need
+# any dhcp-options. If you use Windows clients and Samba, there
+# are some options which are recommended, they are detailed at the
+# end of this section.
+
+# Override the default route supplied by dnsmasq, which assumes the
+# router is the same machine as the one running dnsmasq.
+#dhcp-option=3,1.2.3.4
+
+# Do the same thing, but using the option name
+#dhcp-option=option:router,1.2.3.4
+
+# Override the default route supplied by dnsmasq and send no default
+# route at all. Note that this only works for the options sent by
+# default (1, 3, 6, 12, 28) the same line will send a zero-length option
+# for all other option numbers.
+#dhcp-option=3
+
+# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
+#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
+
+# Set the NTP time server address to be the same machine as
+# is running dnsmasq
+#dhcp-option=42,0.0.0.0
+
+# Set the NIS domain name to "welly"
+#dhcp-option=40,welly
+
+# Set the default time-to-live to 50
+#dhcp-option=23,50
+
+# Set the "all subnets are local" flag
+#dhcp-option=27,1
+
+# Set the domain
+#dhcp-option=15,"foo.com"
+
+# Send the etherboot magic flag and then etherboot options (a string).
+#dhcp-option=128,e4:45:74:68:00:00
+#dhcp-option=129,NIC=eepro100
+
+# Specify an option which will only be sent to the "red" network
+# (see dhcp-range for the declaration of the "red" network)
+# Note that the net: part must precede the option: part.
+#dhcp-option = net:red, option:ntp-server, 192.168.1.1
+
+# The following DHCP options set up dnsmasq in the same way as is specified
+# for the ISC dhcpcd in
+# http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt
+# adapted for a typical dnsmasq installation where the host running
+# dnsmasq is also the host running samba.
+# you may want to uncomment them if you use Windows clients and Samba.
+#dhcp-option=19,0 # option ip-forwarding off
+#dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
+#dhcp-option=45,0.0.0.0 # netbios datagram distribution server
+#dhcp-option=46,8 # netbios node type
+#dhcp-option=47 # empty netbios scope.
+
+# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
+# probably doesn't support this......
+#dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com
+
+# Send RFC-3442 classless static routes (note the netmask encoding)
+#dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
+
+# Send vendor-class specific options encapsulated in DHCP option 43.
+# The meaning of the options is defined by the vendor-class so
+# options are sent only when the client supplied vendor class
+# matches the class given here. (A substring match is OK, so "MSFT"
+# matches "MSFT" and "MSFT 5.0"). This example sets the
+# mtftp address to 0.0.0.0 for PXEClients.
+#dhcp-option=vendor:PXEClient,1,0.0.0.0
+
+# Send microsoft-specific option to tell windows to release the DHCP lease
+# when it shuts down. Note the "i" flag, to tell dnsmasq to send the
+# value as a four-byte integer - that's what microsoft wants. See
+# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
+dhcp-option=vendor:MSFT,2,1i
+
+# Send the Encapsulated-vendor-class ID needed by some configurations of
+# Etherboot to allow is to recognise the DHCP server.
+#dhcp-option=vendor:Etherboot,60,"Etherboot"
+
+# Send options to PXELinux. Note that we need to send the options even
+# though they don't appear in the parameter request list, so we need
+# to use dhcp-option-force here.
+# See http://syslinux.zytor.com/pxe.php#special for details.
+# Magic number - needed before anything else is recognised
+#dhcp-option-force=208,f1:00:74:7e
+# Configuration file name
+#dhcp-option-force=209,configs/common
+# Path prefix
+#dhcp-option-force=210,/tftpboot/pxelinux/files/
+# Reboot time. (Note 'i' to send 32-bit value)
+#dhcp-option-force=211,30i
+
+# Set the boot filename for BOOTP. You will only need
+# this is you want to boot machines over the network and you will need
+# a TFTP server; either dnsmasq's built in TFTP server or an
+# external one. (See below for how to enable the TFTP server.)
+#dhcp-boot=pxelinux.0
+
+# Enable dnsmasq's built-in TFTP server
+#enable-tftp
+
+# Set the root directory for files availble via FTP.
+#tftp-root=/var/ftpd
+
+# Make the TFTP server more secure: with this set, only files owned by
+# the user dnsmasq is running as will be send over the net.
+#tftp-secure
+
+# Set the boot file name only when the "red" tag is set.
+#dhcp-boot=net:red,pxelinux.red-net
+
+# An example of dhcp-boot with an external server: the name and IP
+# address of the server are given after the filename.
+#dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3
+
+# Set the limit on DHCP leases, the default is 150
+#dhcp-lease-max=150
+
+# The DHCP server needs somewhere on disk to keep its lease database.
+# This defaults to a sane location, but if you want to change it, use
+# the line below.
+#dhcp-leasefile=/var/lib/misc/dnsmasq.leases
+leasefile-ro
+
+# Set the DHCP server to authoritative mode. In this mode it will barge in
+# and take over the lease for any client which broadcasts on the network,
+# whether it has a record of the lease or not. This avoids long timeouts
+# when a machine wakes up on a new network. DO NOT enable this if there's
+# the slighest chance that you might end up accidentally configuring a DHCP
+# server for your campus/company accidentally. The ISC server uses
+# the same option, and this URL provides more information:
+# http://www.isc.org/index.pl?/sw/dhcp/authoritative.php
+#dhcp-authoritative
+
+# Run an executable when a DHCP lease is created or destroyed.
+# The arguments sent to the script are "add" or "del",
+# then the MAC address, the IP address and finally the hostname
+# if there is one.
+#dhcp-script=/bin/echo
+
+# Set the cachesize here.
+#cache-size=150
+
+# If you want to disable negative caching, uncomment this.
+#no-negcache
+
+# Normally responses which come form /etc/hosts and the DHCP lease
+# file have Time-To-Live set as zero, which conventionally means
+# do not cache further. If you are happy to trade lower load on the
+# server for potentially stale date, you can set a time-to-live (in
+# seconds) here.
+#local-ttl=
+
+# If you want dnsmasq to detect attempts by Verisign to send queries
+# to unregistered .com and .net hosts to its sitefinder service and
+# have dnsmasq instead return the correct NXDOMAIN response, uncomment
+# this line. You can add similar lines to do the same for other
+# registries which have implemented wildcard A records.
+#bogus-nxdomain=64.94.110.11
+
+# If you want to fix up DNS results from upstream servers, use the
+# alias option. This only works for IPv4.
+# This alias makes a result of 1.2.3.4 appear as 5.6.7.8
+#alias=1.2.3.4,5.6.7.8
+# and this maps 1.2.3.x to 5.6.7.x
+#alias=1.2.3.0,5.6.7.0,255.255.255.0
+
+
+# Change these lines if you want dnsmasq to serve MX records.
+
+# Return an MX record named "maildomain.com" with target
+# servermachine.com and preference 50
+#mx-host=maildomain.com,servermachine.com,50
+
+# Set the default target for MX records created using the localmx option.
+#mx-target=servermachine.com
+
+# Return an MX record pointing to the mx-target for all local
+# machines.
+#localmx
+
+# Return an MX record pointing to itself for all local machines.
+#selfmx
+
+# Change the following lines if you want dnsmasq to serve SRV
+# records. These are useful if you want to serve ldap requests for
+# Active Directory and other windows-originated DNS requests.
+# See RFC 2782.
+# You may add multiple srv-host lines.
+# The fields are ,,,,
+# If the domain part if missing from the name (so that is just has the
+# service and protocol sections) then the domain given by the domain=
+# config option is used. (Note that expand-hosts does not need to be
+# set for this to work.)
+
+# A SRV record sending LDAP for the example.com domain to
+# ldapserver.example.com port 289
+#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
+
+# A SRV record sending LDAP for the example.com domain to
+# ldapserver.example.com port 289 (using domain=)
+###domain=example.com
+#srv-host=_ldap._tcp,ldapserver.example.com,389
+
+# Two SRV records for LDAP, each with different priorities
+#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
+#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
+
+# A SRV record indicating that there is no LDAP server for the domain
+# example.com
+#srv-host=_ldap._tcp.example.com
+
+# The following line shows how to make dnsmasq serve an arbitrary PTR
+# record. This is useful for DNS-SD. (Note that the
+# domain-name expansion done for SRV records _does_not
+# occur for PTR records.)
+#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
+
+# Change the following lines to enable dnsmasq to serve TXT records.
+# These are used for things like SPF and zeroconf. (Note that the
+# domain-name expansion done for SRV records _does_not
+# occur for TXT records.)
+
+#Example SPF.
+#txt-record=example.com,"v=spf1 a -all"
+
+#Example zeroconf
+#txt-record=_http._tcp.example.com,name=value,paper=A4
+
+
+# For debugging purposes, log each DNS query as it passes through
+# dnsmasq.
+log-queries
+
+# Log lots of extra information about DHCP transactions.
+log-dhcp
+
+log-facility=/var/log/dnsmasq.log
+
+# Include a another lot of configuration options.
+#conf-file=/etc/dnsmasq.more.conf
+conf-dir=/etc/dnsmasq.d
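Review bot: `log-queries` and `log-dhcp` are switched on near the end of the file even though the comment above `log-queries` describes it as a debugging aid. With `log-facility=/var/log/dnsmasq.log`, every guest DNS lookup and DHCP transaction is written to a file on the system VM, and no rotation for that file is visible in this commit. I would ship both commented out (`#log-queries`, `#log-dhcp`), or add a logrotate entry in the same change. `leasefile-ro` is also enabled without a comment; something like `# leases are tracked outside dnsmasq; do not write a lease database` above it would explain why it differs from the stock file.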
diff --git a/patches/systemvm/etc/haproxy/haproxy.cfg b/patches/systemvm/etc/haproxy/haproxy.cfg
new file mode 100755
index 00000000000..1a34373de68
--- /dev/null
+++ b/patches/systemvm/etc/haproxy/haproxy.cfg
@@ -0,0 +1,26 @@
+global
+ log 127.0.0.1:3914 local0 info
+ chroot /var/lib/haproxy
+ user haproxy
+ group haproxy
+ daemon
+
+defaults
+ log global
+ mode tcp
+ option dontlognull
+ retries 3
+ option redispatch
+ option forwardfor
+ stats enable
+ stats uri /admin?stats
+ stats realm Haproxy\ Statistics
+ stats auth admin1:AdMiN123
+ option forceclose
+ timeout connect 5000
+ timeout client 50000
+ timeout server 50000
+
+
+listen 0.0.0.0:9
+ option transparent
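Review bot: The `stats auth` line in `defaults` commits a fixed username and password into the system VM template, so every router built from it shares one statistics credential that anyone with repository access can read. Because `stats enable` and `stats uri` also sit in `defaults`, each proxy section that inherits them would expose the page. I would remove the four `stats` lines from `defaults` and, if the page is needed, put them in one dedicated `listen` section bound to the management address, with the credential written at boot rather than checked in. Separately, `option forwardfor` is an HTTP-mode option and, as far as I know, has no effect under `mode tcp`.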
diff --git a/patches/systemvm/etc/hosts b/patches/systemvm/etc/hosts
new file mode 100755
index 00000000000..28486e43ca8
--- /dev/null
+++ b/patches/systemvm/etc/hosts
@@ -0,0 +1,2 @@
+# @VERSION@
+10.1.1.1 gateway
diff --git a/patches/systemvm/etc/init.d/domr_webserver b/patches/systemvm/etc/init.d/domr_webserver
new file mode 100755
index 00000000000..fef8ee25321
--- /dev/null
+++ b/patches/systemvm/etc/init.d/domr_webserver
@@ -0,0 +1,7 @@
+#!/bin/bash
+# chkconfig: 345 98 02
+# description: Web server that sends passwords to User VMs
+# This file exists in /etc/init.d/ in the routing domain
+# @VERSION@
+
+bash /root/run_domr_webserver&
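Review bot: The script never looks at `$1` and runs `bash /root/run_domr_webserver&` unconditionally, so `stop`, `restart` or `status` from the init system would each launch another copy of the server instead of doing what was asked. A small `case "$1"` dispatcher with a pid file, as sketched below, fixes that; whether killing the wrapper is enough to stop the server depends on `run_domr_webserver`, which is not part of this diff. Since the header says this server sends passwords to user VMs, a comment stating which interface and port it listens on would also help the next reviewer.

```shell
# pid file path is a constructed example; use the project's convention
PIDFILE=/var/run/domr_webserver.pid

case "$1" in
  start)
    bash /root/run_domr_webserver &
    echo $! > "$PIDFILE"
    ;;
  stop)
    [ -f "$PIDFILE" ] && kill "$(cat "$PIDFILE")" && rm -f "$PIDFILE"
    ;;
  *)
    echo "Usage: $0 {start|stop}" >&2
    exit 2
    ;;
esac
```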
diff --git a/patches/systemvm/etc/init.d/postinit b/patches/systemvm/etc/init.d/postinit
new file mode 100755
index 00000000000..681d5264fd9
--- /dev/null
+++ b/patches/systemvm/etc/init.d/postinit
@@ -0,0 +1,117 @@
+#! /bin/bash
+# chkconfig: 35 11 90
+# description: pre-boot configuration using boot line parameters
+# This file exists in /etc/init.d/
+
+replace_in_file() {
+ local filename=$1
+ local keyname=$2
+ local value=$3
+ sed -i /$keyname=/d $filename
+ echo "$keyname=$value" >> $filename
+ return $?
+}
+
+setup_secstorage() {
+ public_ip=$ETH2_IP
+ sed -i /$NAME/d /etc/hosts
+ echo "$public_ip $NAME" >> /etc/hosts
+ [ -f /etc/httpd/conf/httpd.conf ] && sed -i -e "s/^Listen.*:80$/Listen $public_ip:80/" /etc/httpd/conf/httpd.conf
+ [ -f /etc/httpd/conf/httpd.conf ] && sed -i -e "s/^Listen.*:443$/Listen $public_ip:443/" /etc/httpd/conf/httpd.conf
+}
+
+setup_console_proxy() {
+ public_ip=$ETH2_IP
+ sed -i /$NAME/d /etc/hosts
+ echo "$public_ip $NAME" >> /etc/hosts
+}
+
+
+if [ -f /mnt/cmdline ]
+then
+ CMDLINE=$(cat /mnt/cmdline)
+else
+ CMDLINE=$(cat /proc/cmdline)
+fi
+
+TYPE="router"
+BOOTPROTO="static"
+
+for i in $CMDLINE
+ do
+ # search for foo=bar pattern and cut out foo
+ KEY=$(echo $i | cut -d= -f1)
+ VALUE=$(echo $i | cut -d= -f2)
+ case $KEY in
+ eth0ip)
+ ETH0_IP=$VALUE
+ ;;
+ eth1ip)
+ ETH1_IP=$VALUE
+ ;;
+ eth2ip)
+ ETH2_IP=$VALUE
+ ;;
+ gateway)
+ GW=$VALUE
+ ;;
+ eth0mask)
+ ETH0_MASK=$VALUE
+ ;;
+ eth1mask)
+ ETH1_MASK=$VALUE
+ ;;
+ eth2mask)
+ ETH2_MASK=$VALUE
+ ;;
+ dns1)
+ NS1=$VALUE
+ ;;
+ dns2)
+ NS2=$VALUE
+ ;;
+ domain)
+ DOMAIN=$VALUE
+ ;;
+ mgmtcidr)
+ MGMTNET=$VALUE
+ ;;
+ localgw)
+ LOCAL_GW=$VALUE
+ ;;
+ template)
+ TEMPLATE=$VALUE
+ ;;
+ name)
+ NAME=$VALUE
+ ;;
+ dhcprange)
+ DHCP_RANGE=$(echo $VALUE | tr ':' ',')
+ ;;
+ bootproto)
+ BOOTPROTO=$VALUE
+ ;;
+ type)
+ TYPE=$VALUE
+ ;;
+ esac
+done
+
+if [ "$BOOTPROTO" == "static" ]
+then
+ exit 0
+fi
+
+ETH1_IP=$(ifconfig eth1|grep 'inet addr:'|cut -d : -f 2|cut -d \ -f 1)
+ETH2_IP=$(ifconfig eth2|grep 'inet addr:'|cut -d : -f 2|cut -d \ -f 1)
+
+case $TYPE in
+ secstorage)
+ [ "$NAME" == "" ] && NAME=secstorage
+ setup_secstorage;
+ ;;
+ consoleproxy)
+ [ "$NAME" == "" ] && NAME=consoleproxy
+ setup_console_proxy;
+ ;;
+esac
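Review bot: Values parsed from the kernel command line reach sed without validation. In `setup_secstorage` and `setup_console_proxy`, `sed -i /$NAME/d /etc/hosts` treats `name=` as an unanchored regex, so a name such as `local` would also delete the `localhost` lines, and a value containing `/` breaks the expression. I would validate once after the parsing loop, e.g. `[[ "$NAME" =~ ^[A-Za-z0-9][A-Za-z0-9-]*$ ]] || exit 1`, and anchor the delete with `sed -i "/[[:space:]]$NAME\$/d" /etc/hosts`. The same pattern recurs in the seteth1 hunk, where `$DOMAIN`, `$DHCP_RANGE`, `$GW`, `$NS1` and `$NS2` are substituted into sed scripts in `setup_router` and `setup_dhcpsrvr`, several of them with the script itself unquoted. Note also that `VALUE=$(echo $i | cut -d= -f2)` silently drops anything after a second `=` in a parameter.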
diff --git a/patches/systemvm/etc/init.d/seteth1 b/patches/systemvm/etc/init.d/seteth1
new file mode 100755
index 00000000000..32a0ad704f4
--- /dev/null
+++ b/patches/systemvm/etc/init.d/seteth1
@@ -0,0 +1,246 @@
+#! /bin/bash
+# chkconfig: 35 09 90
+# description: pre-boot configuration using boot line parameters
+# This file exists in /etc/init.d/
+
+replace_in_file() {
+ local filename=$1
+ local keyname=$2
+ local value=$3
+ sed -i /$keyname=/d $filename
+ echo "$keyname=$value" >> $filename
+ return $?
+}
+
+setup_interface() {
+ local intfnum=$1
+ local ip=$2
+ local mask=$3
+
+ cfg=/etc/sysconfig/network-scripts/ifcfg-eth${intfnum}
+
+ if [ "$BOOTPROTO" == "dhcp" ]
+ then
+ if [ "$intfnum" != "0" ]
+ then
+ replace_in_file ${cfg} BOOTPROTO dhcp
+ replace_in_file ${cfg} ONBOOT Yes
+ sed -i /IPADDR/d ${cfg}
+ sed -i /NETMASK/d ${cfg}
+ return
+ fi
+ fi
+
+ replace_in_file ${cfg} IPADDR ${ip}
+ replace_in_file ${cfg} NETMASK ${mask}
+ if [ "$ip" == "0.0.0.0" ]
+ then
+ replace_in_file ${cfg} ONBOOT No
+ else
+ replace_in_file ${cfg} ONBOOT Yes
+ fi
+
+}
+
+setup_common() {
+ setup_interface "0" $ETH0_IP $ETH0_MASK
+ setup_interface "1" $ETH1_IP $ETH1_MASK
+ setup_interface "2" $ETH2_IP $ETH2_MASK
+
+ if [ "$BOOTPROTO" == "static" ]
+ then
+ replace_in_file /etc/sysconfig/network GATEWAY $GW
+ if [ -n "$ETH2_IP" -a "$ETH2_IP" != "0.0.0.0" ]
+ then
+ replace_in_file /etc/sysconfig/network GATEWAYDEV "eth2"
+ else
+ sed -i /GATEWAYDEV/d /etc/sysconfig/network
+ fi
+ else
+ sed -i /GATEWAY/d /etc/sysconfig/network
+ fi
+ replace_in_file /etc/sysconfig/network HOSTNAME $NAME
+ replace_in_file /etc/sysconfig/network NOZEROCONF yes
+ hostname $NAME
+
+ #Nameserver
+ if [ -n "$NS1" ]
+ then
+ echo "nameserver $NS1" > /etc/dnsmasq-resolv.conf
+ echo "nameserver $NS1" > /etc/resolv.conf
+ fi
+
+ if [ -n "$NS2" ]
+ then
+ echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf
+ echo "nameserver $NS2" >> /etc/resolv.conf
+ fi
+ if [[ -n "$MGMTNET" && -n "$LOCAL_GW" ]]
+ then
+ echo "$MGMTNET via $LOCAL_GW dev eth1" > /etc/sysconfig/network-scripts/route-eth1
+ fi
+}
+
+setup_router() {
+ setup_common
+ [ -z $DHCP_RANGE ] && DHCP_RANGE=$ETH0_IP
+ if [ -n "$DOMAIN" ]
+ then
+ #send domain name to dhcp clients
+ sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\"$DOMAIN\"/ /etc/dnsmasq.conf
+ #DNS server will append $DOMAIN to local queries
+ sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf
+ #answer all local domain queries
+ sed -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf
+ fi
+ sed -i -e "s/^dhcp-range=.*$/dhcp-range=$DHCP_RANGE,static/" /etc/dnsmasq.conf
+ sed -i -e "s/^[#]*listen-address=.*$/listen-address=$ETH0_IP/" /etc/dnsmasq.conf
+ sed -i /gateway/d /etc/hosts
+ echo "$ETH0_IP $NAME" >> /etc/hosts
+ [ -f /etc/httpd/conf/httpd.conf ] && sed -i -e "s/^Listen.*$/Listen $ETH0_IP:80/" /etc/httpd/conf/httpd.conf
+ [ -f /etc/httpd/conf.d/ssl.conf ] && mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.bak
+ [ -f /etc/ssh/sshd_config ] && sed -i -e "s/^[#]*ListenAddress.*$/ListenAddress $ETH1_IP/" /etc/ssh/sshd_config
+}
+
+setup_dhcpsrvr() {
+ setup_common
+ [ -z $DHCP_RANGE ] && DHCP_RANGE=$ETH0_IP
+ [ -z $DOMAIN ] && DOMAIN="cloudnine.internal"
+ if [ -n "$DOMAIN" ]
+ then
+ #send domain name to dhcp clients
+ sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\"$DOMAIN\"/ /etc/dnsmasq.conf
+ #DNS server will append $DOMAIN to local queries
+ sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf
+ #answer all local domain queries
+ sed -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf
+ fi
+ sed -i -e "s/^dhcp-range=.*$/dhcp-range=$DHCP_RANGE,static/" /etc/dnsmasq.conf
+ sed -i -e "s/^[#]*dhcp-option=option:router.*$/dhcp-option=option:router,$GW/" /etc/dnsmasq.conf
+ #for now set up ourself as the dns server as well
+ sed -i s/[#]*dhcp-option=6.*$/dhcp-option=6,\"$NS1\",\"$NS2\"/ /etc/dnsmasq.conf
+ sed -i /gateway/d /etc/hosts
+ echo "$ETH0_IP $NAME" >> /etc/hosts
+ [ -f /etc/httpd/conf/httpd.conf ] && sed -i -e "s/^Listen.*$/Listen $ETH0_IP:80/" /etc/httpd/conf/httpd.conf
+ [ -f /etc/httpd/conf.d/ssl.conf ] && mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.bak
+ [ -f /etc/ssh/sshd_config ] && sed -i -e "s/^[#]*ListenAddress.*$/ListenAddress $ETH1_IP/" /etc/ssh/sshd_config
+}
+
+setup_secstorage() {
+ setup_common
+ sed -i /gateway/d /etc/hosts
+ public_ip=$ETH2_IP
+ [ "$ETH2_IP" == "0.0.0.0" ] && public_ip=$ETH1_IP
+ echo "$public_ip $NAME" >> /etc/hosts
+ [ -f /etc/httpd/conf/httpd.conf ] && sed -i -e "s/^Listen.*:80$/Listen $public_ip:80/" /etc/httpd/conf/httpd.conf
+ [ -f /etc/httpd/conf/httpd.conf ] && sed -i -e "s/^Listen.*:443$/Listen $public_ip:443/" /etc/httpd/conf/httpd.conf
+}
+
+setup_console_proxy() {
+ setup_common
+ public_ip=$ETH2_IP
+ [ "$ETH2_IP" == "0.0.0.0" ] && public_ip=$ETH1_IP
+ sed -i /gateway/d /etc/hosts
+ echo "$public_ip $NAME" >> /etc/hosts
+}
+
+if [ -f /mnt/cmdline ]
+then
+ CMDLINE=$(cat /mnt/cmdline)
+else
+ CMDLINE=$(cat /proc/cmdline)
+fi
+
+
+if [ ! -d /root/.ssh ]
+then
+ mkdir /root/.ssh
+ chmod 700 /root/.ssh
+fi
+if [ -f /mnt/id_rsa.pub ]
+then
+ cat /mnt/id_rsa.pub > /root/.ssh/authorized_keys
+ chmod 600 /root/.ssh/authorized_keys
+fi
+
+TYPE="router"
+BOOTPROTO="static"
+
+for i in $CMDLINE
+ do
+ # search for foo=bar pattern and cut out foo
+ KEY=$(echo $i | cut -d= -f1)
+ VALUE=$(echo $i | cut -d= -f2)
+ case $KEY in
+ eth0ip)
+ ETH0_IP=$VALUE
+ ;;
+ eth1ip)
+ ETH1_IP=$VALUE
+ ;;
+ eth2ip)
+ ETH2_IP=$VALUE
+ ;;
+ gateway)
+ GW=$VALUE
+ ;;
+ eth0mask)
+ ETH0_MASK=$VALUE
+ ;;
+ eth1mask)
+ ETH1_MASK=$VALUE
+ ;;
+ eth2mask)
+ ETH2_MASK=$VALUE
+ ;;
+ dns1)
+ NS1=$VALUE
+ ;;
+ dns2)
+ NS2=$VALUE
+ ;;
+ domain)
+ DOMAIN=$VALUE
+ ;;
+ mgmtcidr)
+ MGMTNET=$VALUE
+ ;;
+ localgw)
+ LOCAL_GW=$VALUE
+ ;;
+ template)
+ TEMPLATE=$VALUE
+ ;;
+ name)
+ NAME=$VALUE
+ ;;
+ dhcprange)
+ DHCP_RANGE=$(echo $VALUE | tr ':' ',')
+ ;;
+ bootproto)
+ BOOTPROTO=$VALUE
+ ;;
+ type)
+ TYPE=$VALUE
+ ;;
+ esac
+done
+
+case $TYPE in
+ router)
+ [ "$NAME" == "" ] && NAME=router
+ setup_router
+ ;;
+ dhcpsrvr)
+ [ "$NAME" == "" ] && NAME=dhcpsrvr
+ setup_dhcpsrvr
+ ;;
+ secstorage)
+ [ "$NAME" == "" ] && NAME=secstorage
+ setup_secstorage;
+ ;;
+ consoleproxy)
+ [ "$NAME" == "" ] && NAME=consoleproxy
+ setup_console_proxy;
+ ;;
+esac
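Review bot: In `setup_common` the calls of the form `setup_interface "1" $ETH1_IP $ETH1_MASK` pass unquoted variables, so when an address is missing from the command line but its mask is present, the mask shifts into the `ip` parameter and is written out as `IPADDR`. Quote the arguments, `setup_interface "0" "$ETH0_IP" "$ETH0_MASK"` and likewise for eth1 and eth2, and quote inside `replace_in_file` as well: `sed -i "/$keyname=/d" "$filename"`. `[ -z $DHCP_RANGE ]` and `[ -z $DOMAIN ]` give the right answer for an empty value only through single-argument `test` semantics; `[ -z "$DHCP_RANGE" ]` states the intent. In `setup_dhcpsrvr` the `if [ -n "$DOMAIN" ]` guard is always true, because the line before it assigns a default.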
diff --git a/patches/systemvm/etc/init.d/vmops b/patches/systemvm/etc/init.d/vmops
new file mode 100755
index 00000000000..f0c4b3e2c0f
--- /dev/null
+++ b/patches/systemvm/etc/init.d/vmops
@@ -0,0 +1,140 @@
+#!/bin/bash
+#
+# vmops Script to start and stop VMOps console proxy in domR/domP.
+#
+# Author: Chiradeep Vittal
+# chkconfig: 2345 99 01
+# description: Start up the VMOps agent
+#
+# This file exists in /etc/init.d/ in the domR/DomP
+# with a software link /etc/rc.d/rc3.d/S99vmops pointed to it
+#
+# @VERSION@
+
+if [ -f /mnt/cmdline ]
+then
+ CMDLINE=$(cat /mnt/cmdline)
+else
+ CMDLINE=$(cat /proc/cmdline)
+fi
+TEMPLATE="domR"
+for i in $CMDLINE
+ do
+ # search for foo=bar pattern and cut out foo
+ FIRSTPATTERN=$(echo $i | cut -d= -f1)
+ case $FIRSTPATTERN in
+ template)
+ TEMPLATE=$(echo $i | cut -d= -f2)
+ ;;
+ esac
+done
+
+# Source function library.
+if [ -f /etc/init.d/functions ]
+then
+ . /etc/init.d/functions
+fi
+
+_success() {
+ if [ -f /etc/init.d/functions ]
+ then
+ success
+ else
+ echo "Success"
+ fi
+}
+
+_failure() {
+ if [ -f /etc/init.d/functions ]
+ then
+ failure
+ else
+ echo "Failed"
+ fi
+}
+RETVAL=$?
+VMOPS_HOME="/usr/local/vmops"
+
+# mkdir -p /var/log/vmops
+
+get_pids() {
+ local i
+ for i in $(ps -ef| grep java | grep -v grep | awk '{print $2}');
+ do
+ echo $(pwdx $i) | grep "$VMOPS_HOME" | grep -i console | awk -F: '{print $1}';
+ done
+}
+
+start() {
+ if [ "$TEMPLATE" == "domP" ];
+ then
+ local pid=$(get_pids)
+ echo -n "Starting VMOps Console Proxy: "
+ if [ -f $VMOPS_HOME/consoleproxy/run.sh ];
+ then
+ if [ "$pid" == "" ]
+ then
+ if [ ! -d /var/log/vmops ]
+ then
+ mkdir -p /var/log/vmops
+ fi
+ if [ ! -f /var/log/vmops/vmops.out ]
+ then
+ touch /var/log/vmops/vmops.out
+ fi
+ (cd $VMOPS_HOME/consoleproxy; nohup ./run.sh > /var/log/vmops/vmops.out 2>&1 & )
+ pid=$(get_pids)
+ echo $pid > /var/run/vmops.pid
+ fi
+ _success
+ else
+ _failure
+ fi
+ echo
+ fi
+}
+
+stop() {
+ if [ "$TEMPLATE" == "domP" ];
+ then
+ local pid
+ echo -n "Stopping VMOps agent: "
+ for pid in $(get_pids)
+ do
+ kill $pid
+ done
+ _success
+ echo
+ fi
+}
+
+status() {
+ if [ "$TEMPLATE" == "domP" ];
+ then
+ local pids=$(get_pids)
+ if [ "$pids" == "" ]
+ then
+ echo "VMOps agent is not running"
+ return 1
+ fi
+ echo "VMOps agent is running: process id: $pids"
+ fi
+ return 0
+}
+
+case "$1" in
+ start) start
+ ;;
+ stop) stop
+ ;;
+ status) status
+ ;;
+ restart) stop
+ start
+ ;;
+ *) echo $"Usage: $0 {start|stop|status|restart}"
+ exit 1
+ ;;
+esac
+
+exit $RETVAL
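Review bot: `RETVAL=$?` sits directly after the `_failure` function definition, so it records the status of that definition (0) and the closing `exit $RETVAL` reports success for every action, including `status` when it returns 1 and `start` when `run.sh` is missing. Initialise with `RETVAL=0` and capture the result where it is produced, for example `status) status; RETVAL=$? ;;` in each arm of the `case "$1"` dispatcher. Anything that relies on the init script's exit code would otherwise never see a stopped console proxy. `get_pids` can also return several PIDs, which `echo $pid > /var/run/vmops.pid` writes onto one line; that deserves a comment or a single-PID guarantee.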
diff --git a/patches/systemvm/etc/rc.local b/patches/systemvm/etc/rc.local
new file mode 100755
index 00000000000..6a6c84a2117
--- /dev/null
+++ b/patches/systemvm/etc/rc.local
@@ -0,0 +1,10 @@
+#!/bin/sh
+#
+# This script will be executed *after* all the other init scripts.
+# You can put your own initialization stuff in here if you don't
+# want to do the full Sys V style init stuff.
+# @VERSION@
+
+touch /var/lock/subsys/local
+ethtool -K eth0 tx off
+ethtool -K eth1 tx off
diff --git a/patches/systemvm/etc/ssh/sshd_config b/patches/systemvm/etc/ssh/sshd_config
new file mode 100755
index 00000000000..9ce6bccbb10
--- /dev/null
+++ b/patches/systemvm/etc/ssh/sshd_config
@@ -0,0 +1,128 @@
+# $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options change a
+# default value.
+
+Port 3922
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# Disable legacy (protocol version 1) support in the server for new
+# installations. In future the default will change to require explicit
+# activation of protocol 1
+Protocol 2
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 768
+
+# Logging
+# obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+SyslogFacility AUTHPRIV
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+#AuthorizedKeysFile .ssh/authorized_keys
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+PasswordAuthentication no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+GSSAPIAuthentication yes
+#GSSAPICleanupCredentials yes
+GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+UsePAM yes
+
+# Accept locale-related environment variables
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#UsePrivilegeSeparation yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#ShowPatchLevel no
+UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10
+#PermitTunnel no
+
+# no default banner path
+#Banner /some/path
+
+# override default of no subsystems
+Subsystem sftp /usr/libexec/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# ForceCommand cvs server
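Review bot: `PermitRootLogin yes` makes the key-only policy for root depend on `PasswordAuthentication no` and `ChallengeResponseAuthentication no` staying unchanged; `PermitRootLogin without-password` states the policy on the line that matters and survives a later edit to the password settings. `X11Forwarding yes` and `GSSAPIAuthentication yes` look carried over from a distribution default rather than needed on a headless system VM; if nothing depends on them, `X11Forwarding no` and `GSSAPIAuthentication no` reduce what the daemon exposes on port 3922. A short header comment listing which directives deviate from the stock file, and why, would help the next reviewer.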
diff --git a/patches/systemvm/etc/sysconfig/iptables-consoleproxy b/patches/systemvm/etc/sysconfig/iptables-consoleproxy
new file mode 100644
index 00000000000..92a26f7b558
--- /dev/null
+++ b/patches/systemvm/etc/sysconfig/iptables-consoleproxy
@@ -0,0 +1,20 @@
+# Generated by iptables-save v1.3.8 on Thu Oct 1 18:16:05 2009
+*nat
+:PREROUTING ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -i lo -j ACCEPT
+-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 3922 -j ACCEPT
+-A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 8001 -j ACCEPT
+-A INPUT -i eth2 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
+-A INPUT -i eth2 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
+COMMIT
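Review bot: `-A INPUT -p icmp -j ACCEPT` has no `-i` match, so every ICMP type is accepted on eth2 as well, which the console proxy setup earlier in this commit treats as the public interface (`public_ip=$ETH2_IP`). ICMP errors belonging to existing flows are already covered by the `RELATED,ESTABLISHED` rules, so the unsolicited case can be narrowed to `-A INPUT -p icmp --icmp-type echo-request -j ACCEPT`, ideally limited to the interfaces that need it. The same rule appears in iptables-domr and iptables-secstorage. The `# Generated by iptables-save` header carries a capture date that will not match later hand edits; a comment naming each interface's role would be more useful.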
diff --git a/patches/systemvm/etc/sysconfig/iptables-domr b/patches/systemvm/etc/sysconfig/iptables-domr
new file mode 100644
index 00000000000..3bc7b50f74a
--- /dev/null
+++ b/patches/systemvm/etc/sysconfig/iptables-domr
@@ -0,0 +1,24 @@
+*nat
+:PREROUTING ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -i eth0 -p udp -m udp --dport 67 -j ACCEPT
+-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
+-A INPUT -i eth1 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
+-A INPUT -i eth0 -p tcp -m state --state NEW --dport 8080 -j ACCEPT
+-A INPUT -i eth0 -p tcp -m state --state NEW --dport 80 -j ACCEPT
+-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -i eth0 -o eth2 -j ACCEPT
+-A FORWARD -i eth2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+COMMIT
+
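Review bot: DNS is opened on eth0 for UDP only (`--dport 53` under `-p udp`), so a resolver retrying over TCP after a truncated answer would hit the `INPUT DROP` policy. If guests are expected to resolve through this VM, add `-A INPUT -i eth0 -p tcp -m state --state NEW --dport 53 -j ACCEPT` next to the UDP rule. Unlike the other two rule files this one has no header comment; one line per interface saying which network it faces would make rules such as `-A FORWARD -i eth0 -o eth2 -j ACCEPT` reviewable.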
diff --git a/patches/systemvm/etc/sysconfig/iptables-secstorage b/patches/systemvm/etc/sysconfig/iptables-secstorage
new file mode 100644
index 00000000000..ef733c431a0
--- /dev/null
+++ b/patches/systemvm/etc/sysconfig/iptables-secstorage
@@ -0,0 +1,20 @@
+# Generated by iptables-save v1.3.8 on Thu Oct 1 18:16:05 2009
+*nat
+:PREROUTING ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+:HTTP - [0:0]
+-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i eth2 -p tcp -m state --state NEW -m tcp --dport 80 -j HTTP
+-A INPUT -i eth2 -p tcp -m state --state NEW -m tcp --dport 80 -j DROP
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i eth0 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
+COMMIT
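Review bot: The `HTTP` chain is declared with `:HTTP - [0:0]` but receives no rules in this file, so as shipped the `-j HTTP` jump returns immediately and the next rule drops every new connection to port 80 on eth2. That looks deliberate (the chain is presumably filled at runtime with permitted sources), but nothing in the file says so. Add a comment above the declaration, e.g. `# HTTP: filled at runtime with allowed sources; port 80 traffic it does not accept is dropped by the rule after the jump`, and name the component that populates it.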
diff --git a/patches/systemvm/etc/sysctl.conf b/patches/systemvm/etc/sysctl.conf
new file mode 100644
index 00000000000..ba5cbe6137d
--- /dev/null
+++ b/patches/systemvm/etc/sysctl.conf
@@ -0,0 +1,33 @@
+# Kernel sysctl configuration file for Red Hat Linux
+#
+# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
+# sysctl.conf(5) for more details.
+# @VERSION@
+
+# Controls IP packet forwarding
+net.ipv4.ip_forward = 1
+
+# Controls source route verification
+net.ipv4.conf.default.rp_filter = 1
+
+# Do not accept source routing
+net.ipv4.conf.default.accept_source_route = 0
+
+# Respect local interface in ARP interactions
+net.ipv4.conf.default.arp_announce = 2
+net.ipv4.conf.default.arp_ignore = 2
+net.ipv4.conf.all.arp_announce = 2
+net.ipv4.conf.all.arp_ignore = 2
+
+
+# Controls the System Request debugging functionality of the kernel
+kernel.sysrq = 0
+
+# Controls whether core dumps will append the PID to the core filename.
+# Useful for debugging multi-threaded applications.
+kernel.core_uses_pid = 1
+
+# Controls the use of TCP syncookies
+net.ipv4.tcp_syncookies = 1
+
+net.netfilter.nf_conntrack_max=65536
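Review bot: `rp_filter` and `accept_source_route` are set under `net.ipv4.conf.default` only, whereas the ARP settings a few lines below set both `default` and `all`. `default` seeds interfaces created after the value is applied, so interfaces that already exist when sysctl runs may keep the kernel's built-in values. Add `net.ipv4.conf.all.rp_filter = 1` and `net.ipv4.conf.all.accept_source_route = 0` for the same coverage. This file appears to be shared by all system VM types, so a comment noting that `net.ipv4.ip_forward = 1` is only required on the router would also help.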
diff --git a/patches/systemvm/root/.ssh/authorized_keys b/patches/systemvm/root/.ssh/authorized_keys
new file mode 100644
index 00000000000..2cb275c2582
--- /dev/null
+++ b/patches/systemvm/root/.ssh/authorized_keys
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3VD1tGRDn3stlJvPNXmQZdQCNjqcfY+xlitd5q0n3KYqJ5OBrty3/00XBUdLt31TbQ4dv+GR7uEr+ex7rm0jjmTFKV4rHYPi882CuC5+bkBp5R4k+mpcyKbxb+IoNS9ItbiExQxMiiRQpHvNem0GGnNFO3lElRPwUFs8evTvZu5HcTj4k4RJLJ66jeIGJ3sMAJ03SICGwfEZjrsyeOMwJk7cH8WNeuNzxzoZd9v02eI0lHdK9O5z7FwrxvRBbzsmJ0EwuhbH8pR7WR6kGLTNP9KEwtrnzV1LYWd+rFoSeh6ImExG7fma3Ldydg8CPTQsjvCEQUxiuV1/x5am5VJlUw== root@r-6-TEST
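Review bot: A fixed root public key (comment `root@r-6-TEST`) is committed into the image, so every system VM built from this tree trusts whoever holds the matching private key until something replaces the file. The boot script earlier in this commit overwrites `/root/.ssh/authorized_keys` only when `/mnt/id_rsa.pub` exists, so a VM started without that file keeps this key, and `sshd_config` permits root login. Ship the file empty (or omit it) and rely on the per-deployment key injected at boot; if a key is mandatory, have the boot script fail closed when none is supplied.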
diff --git a/patches/systemvm/root/clearUsageRules.sh b/patches/systemvm/root/clearUsageRules.sh
new file mode 100755
index 00000000000..2517d42e2e0
--- /dev/null
+++ b/patches/systemvm/root/clearUsageRules.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+# clearUsageRules.sh - remove iptable rules for removed public interfaces
+#
+#
+# @VERSION@
+
+# if removedVifs file doesn't exist, no rules to be cleared
+if [ -f /root/removedVifs ]
+then
+ var=`cat /root/removedVifs`
+ # loop through even vif to be cleared
+ for i in $var; do
+ # Make sure vif doesn't exist
+ if [ ! -f /sys/class/net/$i ]
+ then
+ # remove rules
+ iptables -D NETWORK_STATS -i eth0 -o $i > /dev/null;
+ iptables -D NETWORK_STATS -i $i -o eth0 > /dev/null;
+ fi
+ done
+rm /root/removedVifs
+fi
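Review bot: The existence guard `[ ! -f /sys/class/net/$i ]` is always true, because entries under `/sys/class/net` are symlinks to directories and `-f` matches regular files only; the accounting rules are therefore deleted even for interfaces that are still present. Use `if [ ! -e "/sys/class/net/$i" ]` and quote `"$i"` in the two `iptables -D` calls, since the names are read from a file. `> /dev/null` hides stdout only and the status of each delete is ignored, so decide whether `rm /root/removedVifs` should still run when a delete failed.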
diff --git a/patches/systemvm/root/edithosts.sh b/patches/systemvm/root/edithosts.sh
new file mode 100755
index 00000000000..5193376b8b5
--- /dev/null
+++ b/patches/systemvm/root/edithosts.sh
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+# edithosts.sh -- edit the dhcphosts file on the routing domain
+# $1 : the mac address
+# $2 : the associated ip address
+# $3 : the hostname
+
+wait_for_dnsmasq () {
+ local _pid=$(/sbin/pidof dnsmasq)
+ for i in 0 1 2 3 4 5 6 7 8 9 10
+ do
+ sleep 1
+ _pid=$(/sbin/pidof dnsmasq)
+ [ "$_pid" != "" ] && break;
+ done
+ [ "$_pid" != "" ] && return 0;
+ echo "edithosts: timed out waiting for dnsmasq to start"
+ return 1
+}
+
+#delete any previous entries from the dhcp hosts file
+sed -i /$1/d /etc/dhcphosts.txt
+sed -i /$2,/d /etc/dhcphosts.txt
+sed -i /$3,/d /etc/dhcphosts.txt
+
+#put in the new entry
+echo "$1,$2,$3,infinite" >>/etc/dhcphosts.txt
+
+#delete leases to supplied mac and ip addresses
+sed -i /$1/d /var/lib/misc/dnsmasq.leases
+sed -i /"$2 "/d /var/lib/misc/dnsmasq.leases
+sed -i /"$3 "/d /var/lib/misc/dnsmasq.leases
+
+#put in the new entry
+echo "0 $1 $2 $3 *" >> /var/lib/misc/dnsmasq.leases
+
+#edit hosts file as well
+sed -i /"$2 "/d /etc/hosts
+sed -i /"$3"/d /etc/hosts
+echo "$2 $3" >> /etc/hosts
+
+# make dnsmasq re-read files
+pid=$(/sbin/pidof dnsmasq)
+if [ "$pid" != "" ]
+then
+ service dnsmasq restart
+else
+ wait_for_dnsmasq
+fi
+
+exit $?
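Review bot: The `sed -i /$1/d`-style deletions treat the MAC, IP and hostname arguments as unquoted, unanchored regular expressions, so they remove more than the intended entry: `.` in an address matches any character, and the `/etc/hosts` delete on `"$3"` removes every line that merely contains the hostname. An argument containing `/` or whitespace also changes the sed program itself, and the script edits `/etc/hosts` and the lease file directly. Check that three arguments of the expected shape were given, then filter by exact field, e.g. `awk -F, -v m="$1" -v i="$2" -v h="$3" '$1!=m && $2!=i && $3!=h' /etc/dhcphosts.txt` written to a temporary file and moved into place, with the equivalent whitespace-separated match for the leases and hosts files.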
diff --git a/patches/systemvm/root/firewall.sh b/patches/systemvm/root/firewall.sh
new file mode 100755
index 00000000000..89cd0d4a95e
--- /dev/null
+++ b/patches/systemvm/root/firewall.sh
@@ -0,0 +1,204 @@
+#!/usr/bin/env bash
+# $Id: firewall.sh 9947 2010-06-25 19:34:24Z manuel $ $HeadURL: svn://svn.lab.vmops.com/repos/vmdev/java/patches/xenserver/root/firewall.sh $
+# firewall.sh -- allow some ports / protocols to vm instances
+#
+#
+# @VERSION@
+
+usage() {
+ printf "Usage: %s: (-A|-D) -i -r -P protocol (-p port_range | -t icmp_type_code) -l -d [-f -u -y -z ] \n" $(basename $0) >&2
+}
+
+set -x
+
+get_dom0_ip () {
+ eval "$1=$(ifconfig eth0 | awk '/inet addr/ {split ($2,A,":"); print A[2]}')"
+ return 0
+}
+
+
+#Add the tcp firewall entries into iptables in the routing domain
+tcp_entry() {
+ local instIp=$1
+ local dport=$2
+ local pubIp=$3
+ local port=$4
+ local op=$5
+
+ for vif in $VIF_LIST; do
+ iptables -t nat $op PREROUTING --proto tcp -i $vif -d $pubIp --destination-port $port -j DNAT --to-destination $instIp:$dport >/dev/null;
+ done;
+
+ iptables -t nat $op OUTPUT --proto tcp -d $pubIp --destination-port $port -j DNAT --to-destination $instIp:$dport >/dev/null;
+ iptables $op FORWARD -p tcp -s 0/0 -d $instIp -m state --state ESTABLISHED,RELATED -j ACCEPT > /dev/null;
+ iptables $op FORWARD -p tcp -s 0/0 -d $instIp --destination-port $dport --syn -j ACCEPT > /dev/null;
+
+ return $?
+}
+
+#Add the udp firewall entries into iptables in the routing domain
+udp_entry() {
+ local instIp=$1
+ local dport=$2
+ local pubIp=$3
+ local port=$4
+ local op=$5
+
+ for vif in $VIF_LIST; do
+ iptables -t nat $op PREROUTING --proto udp -i $vif -d $pubIp --destination-port $port -j DNAT --to-destination $instIp:$dport >/dev/null;
+ done;
+
+ iptables -t nat $op OUTPUT --proto udp -d $pubIp --destination-port $port -j DNAT --to-destination $instIp:$dport >/dev/null;
+ iptables $op FORWARD -p udp -s 0/0 -d $instIp --destination-port $dport -j ACCEPT > /dev/null;
+
+ return $?
+}
+
+#Add the icmp firewall entries into iptables in the routing domain
+icmp_entry() {
+ local instIp=$1
+ local icmptype=$2
+ local pubIp=$3
+ local op=$4
+
+ for vif in $VIF_LIST; do
+ iptables -t nat $op PREROUTING --proto icmp -i $vif -d $pubIp --icmp-type $icmptype -j DNAT --to-destination $instIp >/dev/null;
+ done;
+
+ iptables -t nat $op OUTPUT --proto icmp -d $pubIp --icmp-type $icmptype -j DNAT --to-destination $instIp:$dport >/dev/null;
+ iptables $op FORWARD -p icmp -s 0/0 -d $instIp --icmp-type $icmptype -j ACCEPT > /dev/null;
+
+ return $?
+}
+
+get_vif_list() {
+ local vif_list=""
+ for i in /sys/class/net/eth*; do
+ vif=$(basename $i);
+ if [ "$vif" != "eth0" ] && [ "$vif" != "eth1" ]
+ then
+ vif_list="$vif_list $vif";
+ fi
+ done
+
+ echo $vif_list
+}
+
+reverse_op() {
+ local op=$1
+
+ if [ "$op" == "-A" ]
+ then
+ echo "-D"
+ else
+ echo "-A"
+ fi
+}
+
+rflag=
+iflag=
+Pflag=
+pflag=
+tflag=
+lflag=
+dflag=
+oflag=
+wflag=
+xflag=
+nflag=
+Nflag=
+op=""
+oldPrivateIP=""
+oldPrivatePort=""
+
+while getopts 'ADr:i:P:p:t:l:d:w:x:n:N:' OPTION
+do
+ case $OPTION in
+ A) Aflag=1
+ op="-A"
+ ;;
+ D) Dflag=1
+ op="-D"
+ ;;
+ i) iflag=1
+ domRIp="$OPTARG"
+ ;;
+ r) rflag=1
+ instanceIp="$OPTARG"
+ ;;
+ P) Pflag=1
+ protocol="$OPTARG"
+ ;;
+ p) pflag=1
+ ports="$OPTARG"
+ ;;
+ t) tflag=1
+ icmptype="$OPTARG"
+ ;;
+ l) lflag=1
+ publicIp="$OPTARG"
+ ;;
+ d) dflag=1
+ dport="$OPTARG"
+ ;;
+ w) wflag=1
+ oldPrivateIP="$OPTARG"
+ ;;
+ x) xflag=1
+ oldPrivatePort="$OPTARG"
+ ;;
+ n) nflag=1
+ domRName="$OPTARG"
+ ;;
+ N) Nflag=1
+ netmask="$OPTARG"
+ ;;
+ ?) usage
+ exit 2
+ ;;
+ esac
+done
+
+reverseOp=$(reverse_op $op)
+
+VIF_LIST=$(get_vif_list)
+
+case $protocol in
+ "tcp")
+ # If oldPrivateIP was passed in, this is an update. Delete the old rule from DomR.
+ if [ "$oldPrivateIP" != "" ]
+ then
+ tcp_entry $oldPrivateIP $oldPrivatePort $publicIp $ports "-D"
+ fi
+
+ # Add/delete the new rule
+ tcp_entry $instanceIp $dport $publicIp $ports $op
+ exit $?
+ ;;
+ "udp")
+ # If oldPrivateIP was passed in, this is an update. Delete the old rule from DomR.
+ if [ "$oldPrivateIP" != "" ]
+ then
+ udp_entry $oldPrivateIP $oldPrivatePort $publicIp $ports "-D"
+ fi
+
+ # Add/delete the new rule
+ udp_entry $instanceIp $dport $publicIp $ports $op
+ exit $?
+ ;;
+ "icmp")
+ # If oldPrivateIP was passed in, this is an update. Delete the old rule from DomR.
+ if [ "$oldPrivateIP" != "" ]
+ then
+ icmp_entry $oldPrivateIp $icmptype $publicIp "-D"
+ fi
+
+ # Add/delete the new rule
+ icmp_entry $instanceIp $icmptype $publicIp $op
+ exit $?
+ ;;
+ *)
+ printf "Invalid protocol-- must be tcp, udp or icmp\n" >&2
+ exit 5
+ ;;
+esac
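Review bot: The ICMP update path calls `icmp_entry $oldPrivateIp ...`, but the option parser stores the value in `oldPrivateIP`; the misspelt name expands to nothing, the remaining arguments shift left, and the old rule is never removed. It should read `icmp_entry "$oldPrivateIP" "$icmptype" "$publicIp" "-D"`. Inside `icmp_entry` the OUTPUT rule uses `--to-destination $instIp:$dport`, where `dport` is not a local of that function and a port has no meaning for ICMP; use `--to-destination $instIp` as the PREROUTING rule does. Separately, `set -x` is left enabled and `get_dom0_ip` builds an `eval` string although nothing in the hunk calls it; both are worth removing, and each `*_entry` function returns only the status of its last `iptables` call.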
diff --git a/patches/systemvm/root/loadbalancer.sh b/patches/systemvm/root/loadbalancer.sh
new file mode 100755
index 00000000000..f6c2c5d7e93
--- /dev/null
+++ b/patches/systemvm/root/loadbalancer.sh
@@ -0,0 +1,167 @@
+#!/usr/bin/env bash
+# $Id: loadbalancer.sh 9947 2010-06-25 19:34:24Z manuel $ $HeadURL: svn://svn.lab.vmops.com/repos/vmdev/java/patches/xenserver/root/loadbalancer.sh $
+# loadbalancer.sh -- reconfigure loadbalancer rules
+#
+#
+# @VERSION@
+
+usage() {
+ printf "Usage: %s: -i -a -d -f \n" $(basename $0) >&2
+}
+
+# set -x
+
+# check if gateway domain is up and running
+check_gw() {
+ ping -c 1 -n -q $1 > /dev/null
+ if [ $? -gt 0 ]
+ then
+ sleep 1
+ ping -c 1 -n -q $1 > /dev/null
+ fi
+ return $?;
+}
+
+# firewall entry to ensure that haproxy can receive on specified port
+fw_entry() {
+ local added=$1
+ local removed=$2
+
+ if [ "$added" == "none" ]
+ then
+ added=""
+ fi
+
+ if [ "$removed" == "none" ]
+ then
+ removed=""
+ fi
+
+ local a=$(echo $added | cut -d, -f1- --output-delimiter=" ")
+ local r=$(echo $removed | cut -d, -f1- --output-delimiter=" ")
+
+ for i in $a
+ do
+ local pubIp=$(echo $i | cut -d: -f1)
+ local dport=$(echo $i | cut -d: -f2)
+
+ for vif in $VIF_LIST; do
+ iptables -D INPUT -i $vif -p tcp -d $pubIp --dport $dport -j ACCEPT 2> /dev/null
+ iptables -A INPUT -i $vif -p tcp -d $pubIp --dport $dport -j ACCEPT
+
+ if [ $? -gt 0 ]
+ then
+ return 1
+ fi
+ done
+ done
+
+ for i in $r
+ do
+ local pubIp=$(echo $i | cut -d: -f1)
+ local dport=$(echo $i | cut -d: -f2)
+
+ for vif in $VIF_LIST; do
+ iptables -D INPUT -i $vif -p tcp -d $pubIp --dport $dport -j ACCEPT
+ done
+ done
+
+ return 0
+}
+
+#Hot reconfigure HA Proxy in the routing domain
+reconfig_lb() {
+ /root/reconfigLB.sh
+ return $?
+}
+
+# Restore the HA Proxy to its previous state, and revert iptables rules on DomR
+restore_lb() {
+ # Copy the old version of haproxy.cfg into the file that reconfigLB.sh uses
+ cp /etc/haproxy/haproxy.cfg.old /etc/haproxy/haproxy.cfg.new
+
+ if [ $? -eq 0 ]
+ then
+ # Run reconfigLB.sh again
+ /root/reconfigLB.sh
+ fi
+}
+
+get_vif_list() {
+ local vif_list=""
+ for i in /sys/class/net/eth*; do
+ vif=$(basename $i);
+ if [ "$vif" != "eth0" ] && [ "$vif" != "eth1" ]
+ then
+ vif_list="$vif_list $vif";
+ fi
+ done
+
+ echo $vif_list
+}
+
+mflag=
+iflag=
+aflag=
+dflag=
+fflag=
+
+while getopts 'i:a:d:f:' OPTION
+do
+ case $OPTION in
+ i) iflag=1
+ domRIp="$OPTARG"
+ ;;
+ a) aflag=1
+ addedIps="$OPTARG"
+ ;;
+ d) dflag=1
+ removedIps="$OPTARG"
+ ;;
+ f) fflag=1
+ cfgfile="$OPTARG"
+ ;;
+ ?) usage
+ exit 2
+ ;;
+ esac
+done
+
+VIF_LIST=$(get_vif_list)
+
+# hot reconfigure haproxy
+reconfig_lb $cfgfile
+
+if [ $? -gt 0 ]
+then
+ printf "Reconfiguring loadbalancer failed\n"
+ exit 1
+fi
+
+if [ "$addedIps" == "" ]
+then
+ addedIps="none"
+fi
+
+if [ "$removedIps" == "" ]
+then
+ removedIps="none"
+fi
+
+# iptables entry to ensure that haproxy receives traffic
+fw_entry $addedIps $removedIps
+
+if [ $? -gt 0 ]
+then
+ # Restore the LB
+ restore_lb
+
+ # Revert iptables rules on DomR, with addedIps and removedIps swapped
+ fw_entry $removedIps $addedIps
+
+ exit 1
+fi
+
+exit 0
+
+
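Review bot: The `-f` option is parsed into `cfgfile` and passed as `reconfig_lb $cfgfile`, but `reconfig_lb` ignores its argument and runs `/root/reconfigLB.sh`, which always reads `/etc/haproxy/haproxy.cfg.new`; a caller-supplied path is silently dropped. If `-f` is meant to select the configuration, install it first (`cp -- "$cfgfile" /etc/haproxy/haproxy.cfg.new || exit 1`); otherwise remove the option and document the fixed path in `usage`. The `-a`/`-d` values are split and handed to `iptables` unquoted and unchecked, so a malformed `ip:port` pair yields a broken or unintended rule; validate each pair before the loops in `fw_entry`. `check_gw` and `domRIp` are unused.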
diff --git a/patches/systemvm/root/patchsystemvm.sh b/patches/systemvm/root/patchsystemvm.sh
new file mode 100755
index 00000000000..8a25ebf894c
--- /dev/null
+++ b/patches/systemvm/root/patchsystemvm.sh
@@ -0,0 +1,116 @@
+#/bin/bash
+# $Id: patchsystemvm.sh 10800 2010-07-16 13:48:39Z edison $ $HeadURL: svn://svn.lab.vmops.com/repos/branches/2.1.x/java/scripts/vm/hypervisor/xenserver/prepsystemvm.sh $
+
+#set -x
+logfile="/var/log/patchsystemvm.log"
+#
+# To use existing console proxy .zip-based package file
+#
+patch_console_proxy() {
+ local patchfile=$1
+ rm /usr/local/cloud/systemvm -rf
+ mkdir -p /usr/local/cloud/systemvm
+ echo "All" | unzip $patchfile -d /usr/local/cloud/systemvm >$logfile 2>&1
+ find /usr/local/cloud/systemvm/ -name \*.sh | xargs chmod 555
+ return 0
+}
+
+consoleproxy_svcs() {
+ chkconfig cloud on
+ chkconfig postinit on
+ chkconfig domr_webserver off
+ chkconfig haproxy off ;
+ chkconfig dnsmasq off
+ chkconfig sshd on
+ chkconfig httpd off
+ chkconfig nfs off
+ chkconfig nfslock off
+ chkconfig rpcbind off
+ chkconfig rpcidmap off
+ cp /etc/sysconfig/iptables-consoleproxy /etc/sysconfig/iptables
+ mkdir -p /var/log/cloud
+}
+
+secstorage_svcs() {
+ chkconfig cloud on
+ chkconfig postinit on
+ chkconfig domr_webserver off
+ chkconfig haproxy off ;
+ chkconfig dnsmasq off
+ chkconfig sshd on
+ chkconfig httpd off
+ cp /etc/sysconfig/iptables-secstorage /etc/sysconfig/iptables
+ scp 169.254.0.1:/usr/sbin/vhd-util /usr/sbin
+ mkdir -p /var/log/cloud
+}
+
+routing_svcs() {
+ chkconfig cloud off
+ chkconfig domr_webserver on ;
+ chkconfig haproxy on ;
+ chkconfig dnsmasq on
+ chkconfig sshd on
+ chkconfig nfs off
+ chkconfig nfslock off
+ chkconfig rpcbind off
+ chkconfig rpcidmap off
+ cp /etc/sysconfig/iptables-domr /etc/sysconfig/iptables
+}
+
+CMDLINE=$(cat /proc/cmdline)
+TYPE="router"
+
+for i in $CMDLINE
+ do
+ # search for foo=bar pattern and cut out foo
+ KEY=$(echo $i | cut -d= -f1)
+ VALUE=$(echo $i | cut -d= -f2)
+ case $KEY in
+ type)
+ TYPE=$VALUE
+ ;;
+ *)
+ ;;
+ esac
+done
+
+if [ "$TYPE" = "consoleproxy" ] || [ "$TYPE" = "secstorage" ] && [ -f /media/cdrom/systemvm.zip ]
+then
+ patch_console_proxy /media/cdrom/systemvm.zip
+ if [ $? -gt 0 ]
+ then
+ printf "Failed to apply patch systemvm\n" >$logfile
+ exit 5
+ fi
+fi
+
+
+#empty known hosts
+echo "" > /root/.ssh/known_hosts
+
+if [ "$TYPE" = "consoleproxy" ]
+then
+ consoleproxy_svcs
+ if [ $? -gt 0 ]
+ then
+ printf "Failed to execute consoleproxy_svcs\n" >$logfile
+ exit 6
+ fi
+elif [ "$TYPE" = "secstorage" ]
+then
+ secstorage_svcs
+ if [ $? -gt 0 ]
+ then
+ printf "Failed to execute secstorage_svcs\n" >$logfile
+ exit 7
+ fi
+else
+ routing_svcs
+ if [ $? -gt 0 ]
+ then
+ printf "Failed to execute routing_svcs\n" >$logfile
+ exit 8
+ fi
+fi
+
+exit $?
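Review bot: `patch_console_proxy` ends with an unconditional `return 0`, so the `if [ $? -gt 0 ]` check after the call can never fire and a failed or partial `unzip` of `/media/cdrom/systemvm.zip` goes unnoticed after the previous tree has already been removed. Propagate the status, e.g. `unzip -o "$patchfile" -d /usr/local/cloud/systemvm >>"$logfile" 2>&1 || return 1`, and append to the log instead of truncating it with `>$logfile` in the error branches. The first line is `#/bin/bash`, which is a comment rather than a shebang. In `secstorage_svcs`, `scp 169.254.0.1:/usr/sbin/vhd-util /usr/sbin` installs a binary after `known_hosts` was emptied, so the host key is not pinned and the copy's status is not checked; verifying the file against a checksum shipped with the image before use would close that gap.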
diff --git a/patches/systemvm/root/reconfigLB.sh b/patches/systemvm/root/reconfigLB.sh
new file mode 100755
index 00000000000..3b1155ebfde
--- /dev/null
+++ b/patches/systemvm/root/reconfigLB.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+# $Id: reconfigLB.sh 9947 2010-06-25 19:34:24Z manuel $ $HeadURL: svn://svn.lab.vmops.com/repos/vmdev/java/patches/kvm/root/reconfigLB.sh $
+# @VERSION@
+
+# save previous state
+ mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.old
+ mv /var/run/haproxy.pid /var/run/haproxy.pid.old
+
+ mv /etc/haproxy/haproxy.cfg.new /etc/haproxy/haproxy.cfg
+ kill -TTOU $(cat /var/run/haproxy.pid.old)
+ sleep 2
+ if haproxy -D -p /var/run/haproxy.pid -f /etc/haproxy/haproxy.cfg; then
+ echo "New haproxy instance successfully loaded, stopping previous one."
+ kill -KILL $(cat /var/run/haproxy.pid.old)
+ rm -f /var/run/haproxy.pid.old
+ exit 0
+ else
+ echo "New instance failed to start, resuming previous one."
+ kill -TTIN $(cat /var/run/haproxy.pid.old)
+ rm -f /var/run/haproxy.pid
+ mv /var/run/haproxy.pid.old /var/run/haproxy.pid
+ mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.new
+ mv /etc/haproxy/haproxy.cfg.old /etc/haproxy/haproxy.cfg
+ exit 1
+ fi
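Review bot: The running configuration is moved aside and the old process is paused with `kill -TTOU` before anything has checked the new file, and none of the `mv`/`kill` steps test their result. Validate first with `haproxy -c -f /etc/haproxy/haproxy.cfg.new || exit 1`, and skip the signal steps when `/var/run/haproxy.pid.old` is missing or empty, since `kill` then runs with no PID (first start, or haproxy not running). On success the old instance is stopped with `kill -KILL`, which cuts established connections; if that is not intended, haproxy's `-sf` option lets the new process ask the old one to finish gracefully.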
diff --git a/patches/systemvm/root/run_domr_webserver b/patches/systemvm/root/run_domr_webserver
new file mode 100755
index 00000000000..39ee48417e2
--- /dev/null
+++ b/patches/systemvm/root/run_domr_webserver
@@ -0,0 +1,17 @@
+#!/bin/bash
+# @VERSION@
+
+guestIp=$(ifconfig eth0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')
+
+while true
+do
+ /usr/bin/socat TCP4-LISTEN:8080,reuseaddr,crnl,bind=$guestIp SYSTEM:"/root/send_password_to_domu.sh \"\$SOCAT_PEERADDR\""
+
+ rc=$?
+ if [ $rc -ne 0 ]
+ then
+ logger "Socat failed with error code $rc. Restarting socat..."
+ sleep 3
+ fi
+
+done
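Review bot: `guestIp` is used in `bind=$guestIp` without checking that the `ifconfig` pipeline produced an address; if eth0 has none yet, socat fails and the loop retries every three seconds with only a syslog line. Fail fast or wait explicitly, e.g. `[ -n "$guestIp" ] || { logger "run_domr_webserver: no address on eth0"; exit 1; }`, and quote the expansion. The listener has no `fork` option, so one slow or idle client holds the port until it disconnects; socat's `-T` inactivity timeout would bound that. A header comment should state that the handler identifies the requester solely by `SOCAT_PEERADDR`.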
diff --git a/patches/systemvm/root/send_password_to_domu.sh b/patches/systemvm/root/send_password_to_domu.sh
new file mode 100755
index 00000000000..d785fa41e55
--- /dev/null
+++ b/patches/systemvm/root/send_password_to_domu.sh
@@ -0,0 +1,75 @@
+#!/bin/bash
+# $Id: send_password_to_domu.sh 9947 2010-06-25 19:34:24Z manuel $ $HeadURL: svn://svn.lab.vmops.com/repos/vmdev/java/patches/kvm/root/send_password_to_domu.sh $
+# @VERSION@
+
+# set -x
+
+#replace a line in a file of the form key=value
+# $1 filename
+# $2 keyname
+# $3 value
+replace_in_file() {
+ local filename=$1
+ local keyname=$2
+ local value=$3
+ sed -i /$keyname=/d $filename
+ echo "$keyname=$value" >> $filename
+ return $?
+}
+
+#get a value from a file in the form key=value
+# $1 filename
+# $2 keyname
+get_value() {
+ local filename=$1
+ local keyname=$2
+ grep -i $keyname= $filename | cut -d= -f2
+}
+
+ip=$1
+
+logger "send_password_to_domu called to service a request for $ip."
+
+while read input
+do
+ if [ "$input" == "" ]
+ then
+ break
+ fi
+
+ request=$(echo $input | grep "DomU_Request:" | cut -d: -f2 | sed 's/^[ \t]*//')
+
+ if [ "$request" != "" ]
+ then
+ break
+ fi
+done
+
+# echo -e \"\\\"HTTP/1.0 200 OK\\\nDocumentType: text/plain\\\n\\\n\\\"\";
+
+if [ "$request" == "send_my_password" ]
+then
+ password=$(get_value /root/passwords $ip)
+ if [ "$password" == "" ]
+ then
+ logger "send_password_to_domu sent bad_request to $ip."
+ echo "bad_request"
+ else
+ logger "send_password_to_domu sent a password to $ip."
+ echo $password
+ fi
+else
+ if [ "$request" == "saved_password" ]
+ then
+ replace_in_file /root/passwords $ip "saved_password"
+ logger "send_password_to_domu sent saved_password to $ip."
+ echo "saved_password"
+ else
+ logger "send_password_to_domu sent bad_request to $ip."
+ echo "bad_request"
+ fi
+fi
+
+# echo -e \"\\\"\\\n\\\"\"
+
+exit 0
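Review bot: `get_value` looks the address up with `grep -i $keyname= $filename`, an unanchored regular expression, so the line returned can belong to a different address (an entry that merely ends with the same characters, or differs where `.` matches), and that entry's password is then echoed to the requester. Match the key exactly, e.g. `awk -F= -v k="$keyname" '$1 == k { print substr($0, length(k) + 2) }' "$filename"`, which also keeps passwords containing `=` intact where `cut -d= -f2` truncates them. `replace_in_file` has the same problem in `sed -i /$keyname=/d` and can delete another guest's entry. Use `read -r` and `echo "$password"` (or `printf '%s\n'`) so the value is not word-split or globbed on the way out.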
diff --git a/patches/systemvm/var/www/html/latest/.htaccess b/patches/systemvm/var/www/html/latest/.htaccess
new file mode 100644
index 00000000000..c62613d1fda
--- /dev/null
+++ b/patches/systemvm/var/www/html/latest/.htaccess
@@ -0,0 +1,4 @@
+Options +FollowSymLinks
+Options -Indexes
+RewriteEngine On
+
diff --git a/patches/systemvm/var/www/html/metadata/.htaccess b/patches/systemvm/var/www/html/metadata/.htaccess
new file mode 100644
index 00000000000..5a928f6da25
--- /dev/null
+++ b/patches/systemvm/var/www/html/metadata/.htaccess
@@ -0,0 +1 @@
+Options -Indexes
diff --git a/patches/systemvm/var/www/html/userdata/.htaccess b/patches/systemvm/var/www/html/userdata/.htaccess
new file mode 100644
index 00000000000..5a928f6da25
--- /dev/null
+++ b/patches/systemvm/var/www/html/userdata/.htaccess
@@ -0,0 +1 @@
+Options -Indexes