From d0b1cac2cd841ee57823fffc0e53d8abbd990736 Mon Sep 17 00:00:00 2001
From: Chiradeep Vittal
Date: Fri, 1 Oct 2010 16:33:35 -0700
Subject: [PATCH 01/10] default (existing) iptables
---
 patches/xenserver/etc/sysconfig/iptables | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 patches/xenserver/etc/sysconfig/iptables
diff --git a/patches/xenserver/etc/sysconfig/iptables b/patches/xenserver/etc/sysconfig/iptables
new file mode 100644
index 00000000000..3bc7b50f74a
--- /dev/null
+++ b/patches/xenserver/etc/sysconfig/iptables
@@ -0,0 +1,24 @@
+*nat
+:PREROUTING ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -i eth0 -p udp -m udp --dport 67 -j ACCEPT
+-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
+-A INPUT -i eth1 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
+-A INPUT -i eth0 -p tcp -m state --state NEW --dport 8080 -j ACCEPT
+-A INPUT -i eth0 -p tcp -m state --state NEW --dport 80 -j ACCEPT
+-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -i eth0 -o eth2 -j ACCEPT
+-A FORWARD -i eth2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+COMMIT
+
From 3f9185032f00b486c1e73c83f0b6878c09459509 Mon Sep 17 00:00:00 2001
From: Chiradeep Vittal
Date: Wed, 6 Oct 2010 12:50:42 -0700
Subject: [PATCH 02/10] bug 6348: remove performance sapping rule
---
 patches/xenserver/etc/sysconfig/iptables | 1 -
 1 file changed, 1 deletion(-)
diff --git a/patches/xenserver/etc/sysconfig/iptables b/patches/xenserver/etc/sysconfig/iptables
index 3bc7b50f74a..bcbd3fa40cc 100644
--- a/patches/xenserver/etc/sysconfig/iptables
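Review bot: `-A INPUT -p icmp -j ACCEPT` accepts every ICMP type on every interface, including whichever one faces the public network, while every other INPUT rule in this file is scoped per interface; a router normally only needs echo-request plus the destination-unreachable and time-exceeded error types, so consider `-A INPUT -p icmp --icmp-type echo-request -j ACCEPT` and matching lines for those two types, or at least a comment stating that unrestricted ICMP is intended. The same rule is carried unchanged into patches/xenserver/etc/sysconfig/iptables-domr in patch 08. `-A FORWARD -i eth0 -o eth2 -j ACCEPT` is the one stateless FORWARD rule; a header comment naming the role of eth0, eth1 and eth2 (the file does not say, I am inferring guest / management / public from the ports) would let a reader confirm that only guest-originated egress is meant to be unconditional.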
+++ b/patches/xenserver/etc/sysconfig/iptables
@@ -9,7 +9,6 @@ COMMIT
 :OUTPUT ACCEPT [0:0]
 -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
--A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A INPUT -p icmp -j ACCEPT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -i eth0 -p udp -m udp --dport 67 -j ACCEPT
From fd92dedf31851d2ddcf4593ffc784ec4848295d5 Mon Sep 17 00:00:00 2001
From: Chiradeep Vittal
Date: Wed, 6 Oct 2010 13:25:13 -0700
Subject: [PATCH 03/10] current state of rsyslog.conf
---
 patches/xenserver/etc/rsyslog.conf | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 patches/xenserver/etc/rsyslog.conf
diff --git a/patches/xenserver/etc/rsyslog.conf b/patches/xenserver/etc/rsyslog.conf
new file mode 100644
index 00000000000..211f54efa37
--- /dev/null
+++ b/patches/xenserver/etc/rsyslog.conf
@@ -0,0 +1,29 @@
+# Log all kernel messages to the console.
+# Logging much else clutters up the screen.
+#kern.* /dev/console
+
+# Log anything (except mail) of level info or higher.
+# Don't log private authentication messages!
+*.info;mail.none;authpriv.none;cron.none /var/log/messages
+
+# The authpriv file has restricted access.
+authpriv.* /var/log/secure
+
+# Log all the mail messages in one place.
+mail.* -/var/log/maillog
+
+
+# Log cron stuff
+cron.* /var/log/cron
+
+# Everybody gets emergency messages
+*.emerg *
+
+# Save news errors of level crit and higher in a special file.
+uucp,news.crit /var/log/spooler
+
+# Save boot messages also to boot.log
+local7.* /var/log/boot.log
+
+#haproxy
+local0.* /var/log/haproxy.log
From cdc6864e7ecea376d7e6374be20c29869838ffd1 Mon Sep 17 00:00:00 2001
From: Chiradeep Vittal
Date: Wed, 6 Oct 2010 13:26:05 -0700
Subject: [PATCH 04/10] dont log local0 to var/log/messages
---
 patches/xenserver/etc/rsyslog.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
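Review bot: `local0.* /var/log/haproxy.log` is written synchronously, whereas the other high-volume sink in the same file, `mail.* -/var/log/maillog`, carries the `-` prefix that skips the per-message sync; since this series is chasing disk and performance trouble on the router, `local0.* -/var/log/haproxy.log` is the consistent choice, at the cost of possibly losing the last few lines on a crash. The `#haproxy` heading should also state the assumption it encodes, e.g. `# haproxy is expected to log to syslog facility local0; keep in step with its log directive` — the facility mapping is inferred from this line alone, haproxy's own configuration is not part of this series.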
diff --git a/patches/xenserver/etc/rsyslog.conf b/patches/xenserver/etc/rsyslog.conf
index 211f54efa37..fe02d1f696f 100644
--- a/patches/xenserver/etc/rsyslog.conf
+++ b/patches/xenserver/etc/rsyslog.conf
@@ -4,7 +4,7 @@
 
 # Log anything (except mail) of level info or higher.
 # Don't log private authentication messages!
-*.info;mail.none;authpriv.none;cron.none /var/log/messages
+*.info;mail.none;authpriv.none;cron.none;local0.none /var/log/messages
 
 # The authpriv file has restricted access.
 authpriv.* /var/log/secure
From a3515e0f5980ae1ede07f22bd49eaa937f1a1593 Mon Sep 17 00:00:00 2001
From: Chiradeep Vittal
Date: Wed, 6 Oct 2010 13:26:34 -0700
Subject: [PATCH 05/10] Rotate haproxy.log periodically
---
 patches/xenserver/etc/logrotate.d/haproxy | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 patches/xenserver/etc/logrotate.d/haproxy
diff --git a/patches/xenserver/etc/logrotate.d/haproxy b/patches/xenserver/etc/logrotate.d/haproxy
new file mode 100644
index 00000000000..858fe2a1c3a
--- /dev/null
+++ b/patches/xenserver/etc/logrotate.d/haproxy
@@ -0,0 +1,10 @@
+/var/log/haproxy.log {
+ daily
+ rotate 5
+ missingok
+ notifempty
+ size 10M
+ postrotate
+ /bin/kill -HUP `cat /var/run/rsyslog.pid 2> /dev/null` 2> /dev/null || true
+ endscript
+}
From 6f8990f825f92e11a61aa004258f34002bf035c5 Mon Sep 17 00:00:00 2001
From: Chiradeep Vittal
Date: Wed, 6 Oct 2010 14:00:21 -0700
Subject: [PATCH 06/10] dont log queries -- fills up the disk
---
 patches/xenserver/etc/init.d/seteth1 | 1 +
 1 file changed, 1 insertion(+)
diff --git a/patches/xenserver/etc/init.d/seteth1 b/patches/xenserver/etc/init.d/seteth1
index 01ae5724950..ec52803a44b 100755
--- a/patches/xenserver/etc/init.d/seteth1
+++ b/patches/xenserver/etc/init.d/seteth1
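Review bot: The comment two lines above the changed selector, `# Log anything (except mail) of level info or higher.`, is now stale: the selector already excluded authpriv and cron and with this change excludes local0 as well. Suggest `# Log anything of level info or higher, except mail, authpriv, cron and local0 (haproxy), which have their own files below.` so that nobody re-adds haproxy traffic to /var/log/messages while tidying the file.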
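Review bot: `daily` and `size 10M` do not combine in this stanza: logrotate's `size` makes rotation depend on file size alone and the interval keyword is then ignored, so haproxy.log is rotated whenever it exceeds 10M and never merely because a day has passed, which contradicts the subject "Rotate haproxy.log periodically". If the intent is "daily, or sooner once the file is large", that needs a size keyword that respects the interval (`maxsize` in newer logrotate releases) rather than `size`; if size-only is what is wanted, drop `daily` and say so in a comment. Given the disk pressure the later commits in this series mention, `rotate 5` with no `compress` also keeps up to 50M of plaintext around; adding `compress` is the usual fix.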
@@ -95,6 +95,7 @@ setup_router() {
 fi
 sed -i -e "s/^dhcp-range=.*$/dhcp-range=$DHCP_RANGE,static/" /etc/dnsmasq.conf
 sed -i -e "s/^[#]*listen-address=.*$/listen-address=$ETH0_IP/" /etc/dnsmasq.conf
+ sed -i -e "s/^log-queries.*$/#log-queries/" /etc/dnsmasq.conf
 sed -i /gateway/d /etc/hosts
 echo "$ETH0_IP $NAME" >> /etc/hosts
 [ -f /etc/httpd/conf/httpd.conf ] && sed -i -e "s/^Listen.*$/Listen $ETH0_IP:80/" /etc/httpd/conf/httpd.conf
From 5a4d410cdf47c3d0bc4714a34d3e9b5ade6b696d Mon Sep 17 00:00:00 2001
From: Chiradeep Vittal
Date: Wed, 6 Oct 2010 14:06:41 -0700
Subject: [PATCH 07/10] logrotate dnsmasq logs
---
 patches/xenserver/etc/logrotate.d/dnsmasq | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 patches/xenserver/etc/logrotate.d/dnsmasq
diff --git a/patches/xenserver/etc/logrotate.d/dnsmasq b/patches/xenserver/etc/logrotate.d/dnsmasq
new file mode 100644
index 00000000000..a2838753d0c
--- /dev/null
+++ b/patches/xenserver/etc/logrotate.d/dnsmasq
@@ -0,0 +1,13 @@
+/var/log/dnsmasq.log {
+ daily
+ missingok
+ rotate 5
+ notifempty
+ delaycompress
+ sharedscripts
+ postrotate
+ [ ! -f /var/run/dnsmasq.pid ] || kill -USR2 `cat /var/run/dnsmasq.pid`
+ endscript
+ create 0640 dnsmasq dnsmasq
+}
+
From f9133ecfdf9e400718b7472aa7706e56df1f8b60 Mon Sep 17 00:00:00 2001
From: Chiradeep Vittal
Date: Wed, 6 Oct 2010 14:30:56 -0700
Subject: [PATCH 08/10] bug 6348: iptables for virtual router is actually in iptables-domr
---
 patches/xenserver/etc/sysconfig/iptables-domr | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 patches/xenserver/etc/sysconfig/iptables-domr
diff --git a/patches/xenserver/etc/sysconfig/iptables-domr b/patches/xenserver/etc/sysconfig/iptables-domr
new file mode 100644
index 00000000000..bcbd3fa40cc
--- /dev/null
+++ b/patches/xenserver/etc/sysconfig/iptables-domr
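Review bot: The added `sed -i -e "s/^log-queries.*$/#log-queries/" /etc/dnsmasq.conf` turns off the only per-client DNS record the router keeps, which is a loss for incident investigation as well as a gain for disk space, and nothing in the script records the trade-off; a comment above it such as `# disable dnsmasq query logging: it fills the disk (commit 6f8990f825f9); re-enable temporarily when debugging DNS` would keep the next maintainer from "fixing" it back. The other two sed lines in this block tolerate an already-commented key (`^[#]*listen-address`) while this one only matches an uncommented one, which is fine for idempotence but worth a word if the template can ship either form. setup_router() starts before this hunk and continues after it.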
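Review bot: `delaycompress` has no effect in this stanza because `compress` is never set, and `sharedscripts` is a no-op for a single-path block; either add `compress` (which `delaycompress` then makes safe for a file dnsmasq may still have open) or remove both keywords so the file says what it does. `create 0640 dnsmasq dnsmasq` also assumes the daemon runs as user and group `dnsmasq`; if the router's dnsmasq.conf leaves the default unprivileged user (commonly `nobody`), the process cannot reopen the newly created file after `kill -USR2` and logging stops silently — confirm the `user=` setting in the template and match the owner here, or drop the owner so logrotate preserves the original one.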
@@ -0,0 +1,23 @@
+*nat
+:PREROUTING ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -i eth0 -p udp -m udp --dport 67 -j ACCEPT
+-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
+-A INPUT -i eth1 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
+-A INPUT -i eth0 -p tcp -m state --state NEW --dport 8080 -j ACCEPT
+-A INPUT -i eth0 -p tcp -m state --state NEW --dport 80 -j ACCEPT
+-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -i eth0 -o eth2 -j ACCEPT
+-A FORWARD -i eth2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+COMMIT
+
From 74793925ed45c4f040b6e61b9cf198b65645f073 Mon Sep 17 00:00:00 2001
From: Kelven Yang
Date: Wed, 6 Oct 2010 14:57:26 -0700
Subject: [PATCH 09/10] Explictly reject console-access request if it does not carry an access ticket, this usually happens in migration process while old console proxy is in use
---
 .../com/cloud/consoleproxy/ConsoleProxyManagerImpl.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
index 33750a082fa..0882d4963a2 100644
--- a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
+++ b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
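Review bot: With `:INPUT DROP [0:0]` and no `RELATED,ESTABLISHED` accept for eth2 in INPUT (the rule patch 02 removed from sysconfig/iptables is absent here as well), replies to any connection the router itself opens out of eth2 are discarded, while connection tracking stays active for all traffic because the FORWARD rules still use `-m state`, so the performance saving behind bug 6348 is doubtful. If the virtual router is meant never to originate sessions on eth2 that is a policy worth writing down, e.g. `# no ESTABLISHED accept on eth2: domR must not originate traffic on the public side`; otherwise restore `-A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT`. This blob (index bcbd3fa40cc) is byte-identical to sysconfig/iptables after patch 02, and the subject says the router actually loads this file; a comment in one pointing at the other, or removing the copy that is not consumed, would stop the two from drifting apart.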
@@ -1247,8 +1247,13 @@ public class ConsoleProxyManagerImpl implements ConsoleProxyManager,
 ConsoleAccessAuthenticationCommand cmd) {
 long vmId = 0;
 
- String ticket = ConsoleProxyServlet.genAccessTicket(cmd.getHost(), cmd.getPort(), cmd.getSid(), cmd.getVmId());
 String ticketInUrl = cmd.getTicket();
+ if(ticketInUrl == null) {
+ s_logger.error("No access ticket found, you could be running an old console proxy. vmId: " + cmd.getVmId());
+ return new ConsoleAccessAuthenticationAnswer(cmd, false);
+ }
+
+ String ticket = ConsoleProxyServlet.genAccessTicket(cmd.getHost(), cmd.getPort(), cmd.getSid(), cmd.getVmId());
 if(!ticket.startsWith(ticketInUrl)) {
 s_logger.error("Access ticket expired or has been modified. vmId: " + cmd.getVmId());
 return new ConsoleAccessAuthenticationAnswer(cmd, false);
From c3e1e0dce0f4c108b0a54c09c74998dbcede05ce Mon Sep 17 00:00:00 2001
From: abhishek
Date: Wed, 6 Oct 2010 15:04:20 -0700
Subject: [PATCH 10/10] bug 6368: schema change
---
 server/src/com/cloud/api/BaseCmd.java | 1 +
 setup/db/create-schema.sql | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/server/src/com/cloud/api/BaseCmd.java b/server/src/com/cloud/api/BaseCmd.java
index ea7f962822c..ca928e27887 100644
--- a/server/src/com/cloud/api/BaseCmd.java
+++ b/server/src/com/cloud/api/BaseCmd.java
@@ -286,6 +286,7 @@ public abstract class BaseCmd {
 START_VLAN("startvlan", BaseCmd.TYPE_LONG, "startvlan"),
 END_VLAN("endvlan", BaseCmd.TYPE_LONG, "endvlan"),
 SIZE("size", BaseCmd.TYPE_LONG, "size"),
+ SIZE_NETAPP_VOL("netappvolsize", BaseCmd.TYPE_LONG, "netappvolsize"),
 STATE("state", BaseCmd.TYPE_STRING, "state"),
 STORAGE("storage", BaseCmd.TYPE_LONG, "storage"),
 SUCCESS("success", BaseCmd.TYPE_BOOLEAN, "success"),
diff --git a/setup/db/create-schema.sql b/setup/db/create-schema.sql
index 70890e6043b..5af54b5f66c 100644
--- a/setup/db/create-schema.sql
+++ b/setup/db/create-schema.sql
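Review bot: The new guard rejects a missing ticket but not an empty one, and the unchanged `if(!ticket.startsWith(ticketInUrl))` that follows is false for every `ticket` when `ticketInUrl` is `""`, so a request whose ticket parameter is present but blank is still authenticated; change the added check to `if(ticketInUrl == null || ticketInUrl.isEmpty()) {`. Because the comparison is a prefix match rather than equality, the method should also document what the URL ticket is expected to be a prefix of (presumably a truncated form of `genAccessTicket`'s output — not visible in this hunk), and a minimum-length check on `ticketInUrl` would keep very short prefixes from passing for the same reason. The enclosing method begins before this hunk and continues after it.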
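Review bot: `SIZE_NETAPP_VOL("netappvolsize", BaseCmd.TYPE_LONG, "netappvolsize")` declares the parameter as a long, but the same commit changes `netapp_storage_pool.pool_size` in the setup/db/create-schema.sql hunk from `bigint unsigned` to a free-form `varchar(15)` whose comment says `eg 15g`; either the API takes a number and some code not shown here formats it with a unit suffix, or the column receives the raw string and `TYPE_LONG` is wrong — the commit does not say which. Storing a size as text also gives up ordering and arithmetic on it, which the neighbouring `round_robin_marker` column's comment suggests the allocator wants. I would keep bytes in the `bigint unsigned` column and format the unit-suffixed value only at the NetApp call boundary; if the string must stay, validate it against the digits-plus-unit form before it reaches the database and record the expected format in both the enum description and the column comment.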
@@ -82,7 +82,7 @@ CREATE TABLE `cloud`.`netapp_storage_pool` (
 `aggregate_name` varchar(255) NOT NULL COMMENT 'name for the aggregate',
 `pool_name` varchar(255) NOT NULL COMMENT 'name for the pool/volume',
 `snapshot_policy` varchar(255) NOT NULL COMMENT 'snapshot policy',
- `pool_size` bigint unsigned COMMENT 'size of the pool',
+ `pool_size` varchar(15) COMMENT 'size of the pool eg 15g',
 `round_robin_marker` bigint unsigned COMMENT 'this is set to 1 to indicate the vol/pool to use for allocation',
 PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;