CLOUDSTACK-10013: SystemVM.iso refactoring and cleanups

- Removes old/dead files
- Refactors file path/location, backward compatible to filepaths in
  systemvm.isoa
- Fixes failures around apache2
This commit is contained in:
Rohit Yadav 2017-11-26 13:32:33 +05:30
parent 0102e8593d
commit 9aa7d4e818
257 changed files with 866 additions and 4304 deletions

View File

@ -1,21 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
configureSimulator=com.cloud.api.commands.ConfigureSimulatorCmd;1
querySimulatorMock=com.cloud.api.commands.QuerySimulatorMockCmd;1
cleanupSimulatorMock=com.cloud.api.commands.CleanupSimulatorMockCmd;1

View File

@ -798,7 +798,6 @@
<target> <target>
<copy todir="${basedir}/target/common/vms"> <copy todir="${basedir}/target/common/vms">
<fileset dir="${basedir}/../systemvm/dist"> <fileset dir="${basedir}/../systemvm/dist">
<include name="systemvm.zip"/>
<include name="systemvm.iso"/> <include name="systemvm.iso"/>
</fileset> </fileset>
</copy> </copy>

View File

@ -112,7 +112,7 @@ INSERT INTO `cloud`.`configuration` (category, instance, component, name, value)
INSERT INTO `cloud`.`configuration` (category, instance, component, name, value) INSERT INTO `cloud`.`configuration` (category, instance, component, name, value)
VALUES ('Advanced', 'DEFAULT', 'management-server', VALUES ('Advanced', 'DEFAULT', 'management-server',
'ping.timeout', '1.5'); 'ping.timeout', '2.0');
-- Enable dynamic RBAC by default for fresh deployments -- Enable dynamic RBAC by default for fresh deployments
INSERT INTO `cloud`.`configuration` (category, instance, component, name, value) INSERT INTO `cloud`.`configuration` (category, instance, component, name, value)

35
pom.xml
View File

@ -920,35 +920,12 @@
<exclude>ui/lib/reset.css</exclude> <exclude>ui/lib/reset.css</exclude>
<exclude>ui/lib/require.js</exclude> <exclude>ui/lib/require.js</exclude>
<exclude>utils/testsmallfileinactive</exclude> <exclude>utils/testsmallfileinactive</exclude>
<exclude>systemvm/conf/agent.properties</exclude> <exclude>systemvm/agent/conf/agent.properties</exclude>
<exclude>systemvm/conf/environment.properties</exclude> <exclude>systemvm/agent/conf/environment.properties</exclude>
<exclude>systemvm/js/jquery.js</exclude> <exclude>systemvm/agent/js/jquery.js</exclude>
<exclude>systemvm/js/jquery.flot.navigate.js</exclude> <exclude>systemvm/agent/js/jquery.flot.navigate.js</exclude>
<exclude>systemvm/patches/debian/systemvm.vmx</exclude> <exclude>systemvm/patches/debian/**</exclude>
<exclude>systemvm/patches/debian/config/root/.ssh/authorized_keys</exclude> <exclude>systemvm/patches/vpn/**</exclude>
<exclude>systemvm/patches/debian/config/etc/apache2/httpd.conf</exclude>
<exclude>systemvm/patches/debian/config/etc/apache2/vhost.template</exclude>
<exclude>systemvm/patches/debian/config/etc/dnsmasq.conf.tmpl</exclude>
<exclude>systemvm/patches/debian/config/etc/vpcdnsmasq.conf</exclude>
<exclude>systemvm/patches/debian/config/etc/ssh/sshd_config</exclude>
<exclude>systemvm/patches/debian/config/etc/rsyslog.conf</exclude>
<exclude>systemvm/patches/debian/config/etc/logrotate.conf</exclude>
<exclude>systemvm/patches/debian/config/etc/logrotate.d/*</exclude>
<exclude>systemvm/patches/debian/config/etc/sysctl.conf</exclude>
<exclude>systemvm/patches/debian/config/root/redundant_router/keepalived.conf.templ</exclude>
<exclude>systemvm/patches/debian/config/root/redundant_router/arping_gateways.sh.templ</exclude>
<exclude>systemvm/patches/debian/config/root/redundant_router/conntrackd.conf.templ</exclude>
<exclude>systemvm/patches/debian/vpn/etc/ipsec.conf</exclude>
<exclude>systemvm/patches/debian/vpn/etc/ppp/options.xl2tpd</exclude>
<exclude>systemvm/patches/debian/vpn/etc/xl2tpd/xl2tpd.conf</exclude>
<exclude>systemvm/patches/debian/vpn/etc/ipsec.secrets</exclude>
<exclude>systemvm/patches/debian/config/etc/haproxy/haproxy.cfg</exclude>
<exclude>systemvm/patches/debian/config/etc/cloud-nic.rules</exclude>
<exclude>systemvm/patches/debian/config/etc/modprobe.d/aesni_intel</exclude>
<exclude>systemvm/patches/debian/config/etc/rc.local</exclude>
<exclude>systemvm/patches/debian/config/var/www/html/userdata/.htaccess</exclude>
<exclude>systemvm/patches/debian/config/var/www/html/latest/.htaccess</exclude>
<exclude>systemvm/patches/debian/vpn/etc/ipsec.d/l2tp.conf</exclude>
<exclude>tools/transifex/.tx/config</exclude> <exclude>tools/transifex/.tx/config</exclude>
<exclude>tools/logo/apache_cloudstack.png</exclude> <exclude>tools/logo/apache_cloudstack.png</exclude>
<exclude>tools/marvin/marvin/sandbox/advanced/sandbox.cfg</exclude> <exclude>tools/marvin/marvin/sandbox/advanced/sandbox.cfg</exclude>

View File

@ -231,7 +231,7 @@
}, },
{ {
"name": "ping.timeout", "name": "ping.timeout",
"value": "1.5" "value": "2.0"
} }
], ],
"mgtSvr": [ "mgtSvr": [

View File

@ -136,4 +136,3 @@ a:hover.logwin_minimizebutton {
height: 477px; height: 477px;
background: white; background: white;
} }

View File

Before

Width:  |  Height:  |  Size: 149 B

After

Width:  |  Height:  |  Size: 149 B

View File

Before

Width:  |  Height:  |  Size: 3.8 KiB

After

Width:  |  Height:  |  Size: 3.8 KiB

View File

Before

Width:  |  Height:  |  Size: 918 B

After

Width:  |  Height:  |  Size: 918 B

View File

Before

Width:  |  Height:  |  Size: 1.8 KiB

After

Width:  |  Height:  |  Size: 1.8 KiB

View File

Before

Width:  |  Height:  |  Size: 1.2 KiB

After

Width:  |  Height:  |  Size: 1.2 KiB

View File

Before

Width:  |  Height:  |  Size: 437 B

After

Width:  |  Height:  |  Size: 437 B

View File

Before

Width:  |  Height:  |  Size: 326 B

After

Width:  |  Height:  |  Size: 326 B

View File

Before

Width:  |  Height:  |  Size: 3.7 KiB

After

Width:  |  Height:  |  Size: 3.7 KiB

View File

Before

Width:  |  Height:  |  Size: 196 B

After

Width:  |  Height:  |  Size: 196 B

View File

Before

Width:  |  Height:  |  Size: 3.0 KiB

After

Width:  |  Height:  |  Size: 3.0 KiB

View File

Before

Width:  |  Height:  |  Size: 634 B

After

Width:  |  Height:  |  Size: 634 B

View File

Before

Width:  |  Height:  |  Size: 227 B

After

Width:  |  Height:  |  Size: 227 B

View File

Before

Width:  |  Height:  |  Size: 1.8 KiB

After

Width:  |  Height:  |  Size: 1.8 KiB

View File

Before

Width:  |  Height:  |  Size: 657 B

After

Width:  |  Height:  |  Size: 657 B

View File

Before

Width:  |  Height:  |  Size: 243 B

After

Width:  |  Height:  |  Size: 243 B

View File

Before

Width:  |  Height:  |  Size: 3.1 KiB

After

Width:  |  Height:  |  Size: 3.1 KiB

View File

Before

Width:  |  Height:  |  Size: 3.1 KiB

After

Width:  |  Height:  |  Size: 3.1 KiB

View File

Before

Width:  |  Height:  |  Size: 655 B

After

Width:  |  Height:  |  Size: 655 B

View File

Before

Width:  |  Height:  |  Size: 243 B

After

Width:  |  Height:  |  Size: 243 B

View File

Before

Width:  |  Height:  |  Size: 649 B

After

Width:  |  Height:  |  Size: 649 B

View File

Before

Width:  |  Height:  |  Size: 231 B

After

Width:  |  Height:  |  Size: 231 B

View File

Before

Width:  |  Height:  |  Size: 2.6 KiB

After

Width:  |  Height:  |  Size: 2.6 KiB

View File

@ -1437,4 +1437,3 @@ AjaxViewer.prototype = {
return modifiers; return modifiers;
} }
}; };

View File

@ -335,4 +335,3 @@ Logger.prototype = {
} }
} }
}; };

View File

@ -47,8 +47,6 @@ config_apache2_conf() {
cp -f /etc/apache2/sites-available/default-ssl.orig /etc/apache2/sites-available/default-ssl cp -f /etc/apache2/sites-available/default-ssl.orig /etc/apache2/sites-available/default-ssl
sed -i -e "s/<VirtualHost.*>/<VirtualHost $ip:80>/" /etc/apache2/sites-available/default sed -i -e "s/<VirtualHost.*>/<VirtualHost $ip:80>/" /etc/apache2/sites-available/default
sed -i -e "s/<VirtualHost.*>/<VirtualHost $ip:443>/" /etc/apache2/sites-available/default-ssl sed -i -e "s/<VirtualHost.*>/<VirtualHost $ip:443>/" /etc/apache2/sites-available/default-ssl
sed -i -e "s/Listen .*:80/Listen $ip:80/g" /etc/apache2/ports.conf
sed -i -e "s/Listen .*:443/Listen $ip:443/g" /etc/apache2/ports.conf
sed -i 's/ssl-cert-snakeoil.key/cert_apache.key/' /etc/apache2/sites-available/default-ssl sed -i 's/ssl-cert-snakeoil.key/cert_apache.key/' /etc/apache2/sites-available/default-ssl
sed -i 's/ssl-cert-snakeoil.pem/cert_apache.crt/' /etc/apache2/sites-available/default-ssl sed -i 's/ssl-cert-snakeoil.pem/cert_apache.crt/' /etc/apache2/sites-available/default-ssl
sed -i 's/SSLProtocol.*$/SSLProtocol all -SSLv2 -SSLv3/' /etc/apache2/sites-available/default-ssl sed -i 's/SSLProtocol.*$/SSLProtocol all -SSLv2 -SSLv3/' /etc/apache2/sites-available/default-ssl
@ -208,10 +206,7 @@ fi
if [ -d /etc/apache2 ] if [ -d /etc/apache2 ]
then then
config_apache2_conf $publicIp $hostName config_apache2_conf $publicIp $hostName
/etc/init.d/apache2 stop systemctl restart apache2
/etc/init.d/apache2 start
else else
config_httpd_conf $publicIp $hostName config_httpd_conf $publicIp $hostName
fi fi

View File

@ -47,4 +47,3 @@ do
ips "$i" ips "$i"
done done
exit $? exit $?

View File

@ -21,4 +21,3 @@ tileMap = [ ${tileSequence} ];
ajaxViewer.resize('main_panel', ${width}, ${height}, ${tileWidth}, ${tileHeight}); ajaxViewer.resize('main_panel', ${width}, ${height}, ${tileWidth}, ${tileHeight});
</#if> </#if>
ajaxViewer.refresh('${imgUrl}', tileMap, false); ajaxViewer.refresh('${imgUrl}', tileMap, false);

View File

@ -1,220 +0,0 @@
#!/usr/bin/env python
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
import sys, os, subprocess, errno, re, getopt
# ---- This snippet of code adds the sources path and the waf configured PYTHONDIR to the Python path ----
# ---- We do this so cloud_utils can be looked up in the following order:
# ---- 1) Sources directory
# ---- 2) waf configured PYTHONDIR
# ---- 3) System Python path
for pythonpath in (
"@PYTHONDIR@",
os.path.join(os.path.dirname(__file__),os.path.pardir,os.path.pardir,"python","lib"),
):
if os.path.isdir(pythonpath): sys.path.insert(0,pythonpath)
# ---- End snippet of code ----
import cloud_utils
from cloud_utils import stderr
E_GENERIC= 1
E_NOKVM = 2
E_NODEFROUTE = 3
E_DHCP = 4
E_NOPERSISTENTNET = 5
E_NETRECONFIGFAILED = 6
E_VIRTRECONFIGFAILED = 7
E_FWRECONFIGFAILED = 8
E_CPRECONFIGFAILED = 9
E_CPFAILEDTOSTART = 10
E_NOFQDN = 11
def bail(errno=E_GENERIC,message=None,*args):
if message: stderr(message,*args)
stderr("Cloud Console Proxy setup aborted")
sys.exit(errno)
#---------------- boilerplate for python 2.4 support
# CENTOS does not have this -- we have to put this here
try:
from subprocess import check_call
from subprocess import CalledProcessError
except ImportError:
def check_call(*popenargs, **kwargs):
import subprocess
retcode = subprocess.call(*popenargs, **kwargs)
cmd = kwargs.get("args")
if cmd is None: cmd = popenargs[0]
if retcode: raise CalledProcessError(retcode, cmd)
return retcode
class CalledProcessError(Exception):
def __init__(self, returncode, cmd):
self.returncode = returncode ; self.cmd = cmd
def __str__(self): return "Command '%s' returned non-zero exit status %d" % (self.cmd, self.returncode)
# ------------ end boilerplate -------------------------
def check_hostname(): return check_call(["hostname",'--fqdn'])
class Command:
def __init__(self,name,parent=None):
self.__name = name
self.__parent = parent
def __getattr__(self,name):
if name == "_print": name = "print"
return Command(name,self)
def __call__(self,*args):
cmd = self.__get_recursive_name() + list(args)
#print " ",cmd
popen = subprocess.Popen(cmd,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
m = popen.communicate()
ret = popen.wait()
if ret:
e = CalledProcessError(ret,cmd)
e.stdout,e.stderr = m
raise e
class CommandOutput:
def __init__(self,stdout,stderr):
self.stdout = stdout
self.stderr = stderr
return CommandOutput(*m)
def __lt__(self,other):
cmd = self.__get_recursive_name()
#print " ",cmd,"<",other
popen = subprocess.Popen(cmd,stdin=subprocess.PIPE,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
m = popen.communicate(other)
ret = popen.wait()
if ret:
e = CalledProcessError(ret,cmd)
e.stdout,e.stderr = m
raise e
class CommandOutput:
def __init__(self,stdout,stderr):
self.stdout = stdout
self.stderr = stderr
return CommandOutput(*m)
def __get_recursive_name(self,sep=None):
m = self
l = []
while m is not None:
l.append(m.__name)
m = m.__parent
l.reverse()
if sep: return sep.join(l)
else: return l
def __str__(self):
return '<Command %r>'%self.__get_recursive_name(sep=" ")
def __repr__(self): return self.__str__()
ip = Command("ip")
service = Command("service")
chkconfig = Command("chkconfig")
ufw = Command("ufw")
iptables = Command("iptables")
augtool = Command("augtool")
ifconfig = Command("ifconfig")
uuidgen = Command("uuidgen")
Fedora = os.path.exists("/etc/fedora-release")
CentOS = os.path.exists("/etc/centos-release") or ( os.path.exists("/etc/redhat-release") and not os.path.exists("/etc/fedora-release") )
#--------------- procedure starts here ------------
def main():
# parse cmd line
opts, args = getopt.getopt(sys.argv[1:], "a", ["host=", "zone=", "pod="])
host=None
zone=None
pod=None
autoMode=False
do_check_kvm = True
for opt, arg in opts:
if opt == "--host":
if arg != "":
host = arg
elif opt == "--zone":
if arg != "":
zone = arg
elif opt == "--pod":
if arg != "":
pod = arg
elif opt == "-a":
autoMode=True
servicename = "@PACKAGE@-console-proxy"
if autoMode:
cloud_utils.setLogFile("/var/log/cloud/setupConsoleProxy.log")
stderr("Welcome to the Cloud Console Proxy setup")
stderr("")
try:
check_hostname()
stderr("The hostname of this machine is properly set up")
except CalledProcessError,e:
bail(E_NOFQDN,"This machine does not have an FQDN (fully-qualified domain name) for a hostname")
stderr("Stopping the Cloud Console Proxy")
cloud_utils.stop_service(servicename)
stderr("Cloud Console Proxy stopped")
ports = "8002".split()
if Fedora or CentOS:
try:
o = chkconfig("--list","iptables")
if ":on" in o.stdout and os.path.exists("/etc/sysconfig/iptables"):
stderr("Setting up firewall rules to permit traffic to Cloud services")
service.iptables.start() ; print o.stdout + o.stderr
for p in ports: iptables("-I","INPUT","1","-p","tcp","--dport",p,'-j','ACCEPT')
o = service.iptables.save() ; print o.stdout + o.stderr
except CalledProcessError,e:
print e.stdout+e.stderr
bail(E_FWRECONFIGFAILED,"Firewall rules could not be set")
else:
stderr("Setting up firewall rules to permit traffic to Cloud services")
try:
for p in ports: ufw.allow(p)
stderr("Rules set")
except CalledProcessError,e:
print e.stdout+e.stderr
bail(E_FWRECONFIGFAILED,"Firewall rules could not be set")
stderr("We are going to enable ufw now. This may disrupt network connectivity and service availability. See the ufw documentation for information on how to manage ufw firewall policies.")
try:
o = ufw.enable < "y\n" ; print o.stdout + o.stderr
except CalledProcessError,e:
print e.stdout+e.stderr
bail(E_FWRECONFIGFAILED,"Firewall could not be enabled")
cloud_utils.setup_consoleproxy_config("@CPSYSCONFDIR@/agent.properties", host, zone, pod)
stderr("Enabling and starting the Cloud Console Proxy")
cloud_utils.enable_service(servicename)
stderr("Cloud Console Proxy restarted")
if __name__ == "__main__":
main()
# FIXMES: 1) nullify networkmanager on ubuntu (asking the user first) and enable the networking service permanently

View File

@ -1,46 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# Sample configuration file for VMOPS console proxy
instance=ConsoleProxy
consoleproxy.httpListenPort=8002
#resource= the java class, which agent load to execute
resource=com.cloud.agent.resource.consoleproxy.ConsoleProxyResource
#host= The IP address of management server
host=localhost
#port = The port management server listening on, default is 8250
port=8250
#pod= The pod, which agent belonged to
pod=default
#zone= The zone, which agent belonged to
zone=default
#private.network.device= the private nic device
# if this is commented, it is autodetected on service startup
# private.network.device=cloudbr0
#public.network.device= the public nic device
# if this is commented, it is autodetected on service startup
# public.network.device=cloudbr0
#guid= a GUID to identify the agent

View File

@ -1,23 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
consoleproxy.tcpListenPort=0
consoleproxy.httpListenPort=80
consoleproxy.httpCmdListenPort=8001
consoleproxy.jarDir=./applet/
consoleproxy.viewerLinger=180
consoleproxy.reconnectMaxRetry=5

View File

@ -1,111 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="false">
<!-- ================================= -->
<!-- Preserve messages in a local file -->
<!-- ================================= -->
<!-- A time/date based rolling appender -->
<appender name="FILE" class="org.apache.log4j.rolling.RollingFileAppender">
<param name="Append" value="true"/>
<param name="Threshold" value="WARN"/>
<rollingPolicy class="org.apache.log4j.rolling.TimeBasedRollingPolicy">
<param name="FileNamePattern" value="@CPLOG@.%d{yyyy-MM-dd}.gz"/>
<param name="ActiveFileName" value="@CPLOG@"/>
</rollingPolicy>
<layout class="org.apache.log4j.EnhancedPatternLayout">
<param name="ConversionPattern" value="%d{ISO8601} %-5p [%c{3}] (%t:%x) (logid:%X{logcontextid}) %m%n"/>
</layout>
</appender>
<!-- ============================== -->
<!-- Append messages to the console -->
<!-- ============================== -->
<appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
<param name="Target" value="System.out"/>
<param name="Threshold" value="WARN"/>
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%d{ABSOLUTE} %5p %c{1}:%L - %m%n"/>
</layout>
</appender>
<!-- ================ -->
<!-- Limit categories -->
<!-- ================ -->
<category name="com.cloud.console.ConsoleCanvas">
<priority value="WARN"/>
</category>
<category name="com.cloud.consoleproxy.ConsoleProxyAjaxImageHandler">
<priority value="WARN"/>
</category>
<category name="com.cloud.consoleproxy.ConsoleProxyViwer">
<priority value="WARN"/>
</category>
<category name="com.cloud.consoleproxy">
<priority value="INFO"/>
</category>
<category name="com.cloud">
<priority value="DEBUG"/>
</category>
<!-- Limit the org.apache category to INFO as its DEBUG is verbose -->
<category name="org.apache">
<priority value="INFO"/>
</category>
<category name="org">
<priority value="INFO"/>
</category>
<category name="net">
<priority value="INFO"/>
</category>
<!-- Limit the com.amazonaws category to INFO as its DEBUG is verbose -->
<category name="com.amazonaws">
<priority value="INFO"/>
</category>
<!-- Limit the httpclient.wire category to INFO as its DEBUG is verbose -->
<category name="httpclient.wire">
<priority value="INFO"/>
</category>
<!-- ======================= -->
<!-- Setup the Root category -->
<!-- ======================= -->
<root>
<level value="INFO"/>
<appender-ref ref="CONSOLE"/>
<appender-ref ref="FILE"/>
</root>
</log4j:configuration>

View File

@ -1,21 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#mount.path=~/secondary-storage/
resource=org.apache.cloudstack.storage.resource.NfsSecondaryStorageResource
testCifsMount=cifs://192.168.1.1/CSHV3?user=administrator&password=1pass%40word1
#testLocalRoot=test

View File

@ -1,96 +0,0 @@
#!/bin/bash
# chkconfig: 35 99 10
# description: Cloud Console Proxy
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# WARNING: if this script is changed, then all other initscripts MUST BE changed to match it as well
. /etc/rc.d/init.d/functions
# set environment variables
SHORTNAME=`basename $0`
PIDFILE=@PIDDIR@/"$SHORTNAME".pid
LOCKFILE=@LOCKDIR@/"$SHORTNAME"
LOGFILE=@CPLOG@
PROGNAME="Cloud Console Proxy"
unset OPTIONS
[ -r @SYSCONFDIR@/sysconfig/"$SHORTNAME" ] && source @SYSCONFDIR@/sysconfig/"$SHORTNAME"
DAEMONIZE=@BINDIR@/@PACKAGE@-daemonize
PROG=@LIBEXECDIR@/console-proxy-runner
start() {
echo -n $"Starting $PROGNAME: "
if hostname --fqdn >/dev/null 2>&1 ; then
daemon --check=$SHORTNAME --pidfile=${PIDFILE} "$DAEMONIZE" \
-n "$SHORTNAME" -p "$PIDFILE" -l "$LOGFILE" "$PROG" $OPTIONS
RETVAL=$?
echo
else
failure
echo
echo The host name does not resolve properly to an IP address. Cannot start "$PROGNAME". > /dev/stderr
RETVAL=9
fi
[ $RETVAL = 0 ] && touch ${LOCKFILE}
return $RETVAL
}
stop() {
echo -n $"Stopping $PROGNAME: "
killproc -p ${PIDFILE} $SHORTNAME # -d 10 $SHORTNAME
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f ${LOCKFILE} ${PIDFILE}
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status -p ${PIDFILE} $SHORTNAME
RETVAL=$?
;;
restart)
stop
sleep 3
start
;;
condrestart)
if status -p ${PIDFILE} $SHORTNAME >&/dev/null; then
stop
sleep 3
start
fi
;;
*)
echo $"Usage: $SHORTNAME {start|stop|restart|condrestart|status|help}"
RETVAL=3
esac
exit $RETVAL

View File

@ -1,96 +0,0 @@
#!/bin/bash
# chkconfig: 35 99 10
# description: Cloud Console Proxy
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# WARNING: if this script is changed, then all other initscripts MUST BE changed to match it as well
. /etc/rc.d/init.d/functions
# set environment variables
SHORTNAME=`basename $0`
PIDFILE=@PIDDIR@/"$SHORTNAME".pid
LOCKFILE=@LOCKDIR@/"$SHORTNAME"
LOGFILE=@CPLOG@
PROGNAME="Cloud Console Proxy"
unset OPTIONS
[ -r @SYSCONFDIR@/sysconfig/"$SHORTNAME" ] && source @SYSCONFDIR@/sysconfig/"$SHORTNAME"
DAEMONIZE=@BINDIR@/@PACKAGE@-daemonize
PROG=@LIBEXECDIR@/console-proxy-runner
start() {
echo -n $"Starting $PROGNAME: "
if hostname --fqdn >/dev/null 2>&1 ; then
daemon --check=$SHORTNAME --pidfile=${PIDFILE} "$DAEMONIZE" \
-n "$SHORTNAME" -p "$PIDFILE" -l "$LOGFILE" "$PROG" $OPTIONS
RETVAL=$?
echo
else
failure
echo
echo The host name does not resolve properly to an IP address. Cannot start "$PROGNAME". > /dev/stderr
RETVAL=9
fi
[ $RETVAL = 0 ] && touch ${LOCKFILE}
return $RETVAL
}
stop() {
echo -n $"Stopping $PROGNAME: "
killproc -p ${PIDFILE} $SHORTNAME # -d 10 $SHORTNAME
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f ${LOCKFILE} ${PIDFILE}
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status -p ${PIDFILE} $SHORTNAME
RETVAL=$?
;;
restart)
stop
sleep 3
start
;;
condrestart)
if status -p ${PIDFILE} $SHORTNAME >&/dev/null; then
stop
sleep 3
start
fi
;;
*)
echo $"Usage: $SHORTNAME {start|stop|restart|condrestart|status|help}"
RETVAL=3
esac
exit $RETVAL

View File

@ -1,96 +0,0 @@
#!/bin/bash
# chkconfig: 35 99 10
# description: Cloud Console Proxy
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# WARNING: if this script is changed, then all other initscripts MUST BE changed to match it as well
. /etc/rc.d/init.d/functions
# set environment variables
SHORTNAME=`basename $0`
PIDFILE=@PIDDIR@/"$SHORTNAME".pid
LOCKFILE=@LOCKDIR@/"$SHORTNAME"
LOGFILE=@CPLOG@
PROGNAME="Cloud Console Proxy"
unset OPTIONS
[ -r @SYSCONFDIR@/sysconfig/"$SHORTNAME" ] && source @SYSCONFDIR@/sysconfig/"$SHORTNAME"
DAEMONIZE=@BINDIR@/@PACKAGE@-daemonize
PROG=@LIBEXECDIR@/console-proxy-runner
start() {
echo -n $"Starting $PROGNAME: "
if hostname --fqdn >/dev/null 2>&1 ; then
daemon --check=$SHORTNAME --pidfile=${PIDFILE} "$DAEMONIZE" \
-n "$SHORTNAME" -p "$PIDFILE" -l "$LOGFILE" "$PROG" $OPTIONS
RETVAL=$?
echo
else
failure
echo
echo The host name does not resolve properly to an IP address. Cannot start "$PROGNAME". > /dev/stderr
RETVAL=9
fi
[ $RETVAL = 0 ] && touch ${LOCKFILE}
return $RETVAL
}
stop() {
echo -n $"Stopping $PROGNAME: "
killproc -p ${PIDFILE} $SHORTNAME # -d 10 $SHORTNAME
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f ${LOCKFILE} ${PIDFILE}
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status -p ${PIDFILE} $SHORTNAME
RETVAL=$?
;;
restart)
stop
sleep 3
start
;;
condrestart)
if status -p ${PIDFILE} $SHORTNAME >&/dev/null; then
stop
sleep 3
start
fi
;;
*)
echo $"Usage: $SHORTNAME {start|stop|restart|condrestart|status|help}"
RETVAL=3
esac
exit $RETVAL

View File

@ -1,110 +0,0 @@
#!/bin/bash
# chkconfig: 35 99 10
# description: Cloud Console Proxy
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# WARNING: if this script is changed, then all other initscripts MUST BE changed to match it as well
. /lib/lsb/init-functions
. /etc/default/rcS
# set environment variables
SHORTNAME=`basename $0`
PIDFILE=@PIDDIR@/"$SHORTNAME".pid
LOCKFILE=@LOCKDIR@/"$SHORTNAME"
LOGFILE=@CPLOG@
PROGNAME="Cloud Console Proxy"
unset OPTIONS
[ -r @SYSCONFDIR@/default/"$SHORTNAME" ] && source @SYSCONFDIR@/default/"$SHORTNAME"
DAEMONIZE=@BINDIR@/@PACKAGE@-daemonize
PROG=@LIBEXECDIR@/console-proxy-runner
start() {
log_daemon_msg $"Starting $PROGNAME" "$SHORTNAME"
if [ -s "$PIDFILE" ] && kill -0 $(cat "$PIDFILE") >/dev/null 2>&1; then
log_progress_msg "apparently already running"
log_end_msg 0
exit 0
fi
if hostname --fqdn >/dev/null 2>&1 ; then
true
else
log_failure_msg "The host name does not resolve properly to an IP address. Cannot start $PROGNAME"
log_end_msg 1
exit 1
fi
if start-stop-daemon --start --quiet \
--pidfile "$PIDFILE" \
--exec "$DAEMONIZE" -- -n "$SHORTNAME" -p "$PIDFILE" -l "$LOGFILE" "$PROG" $OPTIONS
RETVAL=$?
then
rc=0
sleep 1
if ! kill -0 $(cat "$PIDFILE") >/dev/null 2>&1; then
log_failure_msg "$PROG failed to start"
rc=1
fi
else
rc=1
fi
if [ $rc -eq 0 ]; then
log_end_msg 0
else
log_end_msg 1
rm -f "$PIDFILE"
fi
}
stop() {
echo -n $"Stopping $PROGNAME" "$SHORTNAME"
start-stop-daemon --stop --quiet --oknodo --pidfile "$PIDFILE"
log_end_msg $?
rm -f "$PIDFILE"
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status_of_proc -p "$PIDFILE" "$PROG" "$SHORTNAME"
RETVAL=$?
;;
restart)
stop
sleep 3
start
;;
*)
echo $"Usage: $SHORTNAME {start|stop|restart|status|help}"
RETVAL=3
esac
exit $RETVAL

View File

@ -1,90 +0,0 @@
#!/usr/bin/env bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#run.sh runs the agent client.
cd `dirname "$0"`
SYSTEMJARS="@SYSTEMJARS@"
SCP=$(build-classpath $SYSTEMJARS) ; if [ $? != 0 ] ; then SCP="@SYSTEMCLASSPATH@" ; fi
DCP="@DEPSCLASSPATH@"
ACP="@AGENTCLASSPATH@"
export CLASSPATH=$SCP:$DCP:$ACP:@CPSYSCONFDIR@
for jarfile in "@PREMIUMJAVADIR@"/* ; do
if [ ! -e "$jarfile" ] ; then continue ; fi
CLASSPATH=$jarfile:$CLASSPATH
done
for plugin in "@PLUGINJAVADIR@"/* ; do
if [ ! -e "$plugin" ] ; then continue ; fi
CLASSPATH=$plugin:$CLASSPATH
done
export CLASSPATH
set -e
cd "@CPLIBDIR@"
echo Current directory is "$PWD"
echo CLASSPATH to run the console proxy: "$CLASSPATH"
export PATH=/sbin:/usr/sbin:"$PATH"
SERVICEARGS=
for x in private public ; do
configuration=`grep -q "^$x.network.device" "@CPSYSCONFDIR@"/agent.properties || true`
if [ -n "$CONFIGURATION" ] ; then
echo "Using manually-configured network device $CONFIGURATION"
else
defaultroute=`ip route | grep ^default | cut -d ' ' -f 5`
test -n "$defaultroute"
echo "Using auto-discovered network device $defaultroute which is the default route"
SERVICEARGS="$SERVICEARGS $x.network.device="$defaultroute
fi
done
function termagent() {
if [ "$agentpid" != "" ] ; then
echo Killing VMOps Console Proxy "(PID $agentpid)" with SIGTERM >&2
kill -TERM $agentpid
echo Waiting for agent to exit >&2
wait $agentpid
ex=$?
echo Agent exited with return code $ex >&2
else
echo Agent PID is unknown >&2
fi
}
trap termagent TERM
while true ; do
java -Xms128M -Xmx384M -cp "$CLASSPATH" "$@" com.cloud.agent.AgentShell $SERVICEARGS &
agentpid=$!
echo "Console Proxy started. PID: $!" >&2
wait $agentpid
ex=$?
if [ $ex -gt 128 ]; then
echo "wait on console proxy process interrupted by SIGTERM" >&2
exit $ex
fi
echo "Console proxy exited with return code $ex" >&2
if [ $ex -eq 0 ] || [ $ex -eq 1 ] || [ $ex -eq 66 ] || [ $ex -gt 128 ]; then
echo "Exiting..." > /dev/stderr
exit $ex
fi
echo "Restarting console proxy..." > /dev/stderr
sleep 1
done

View File

@ -1,34 +0,0 @@
####################################################
Note there is a new systemvm build script based on
Veewee(Vagrant) under tools/appliance.
####################################################
1. The buildsystemvm.sh script builds a 32-bit system vm disk based on the Debian Squeeze distro. This system vm can boot on any hypervisor thanks to the pvops support in the kernel. It is fully automated
2. The files under config/ are the specific tweaks to the default Debian configuration that are required for CloudStack operation.
3. The variables at the top of the buildsystemvm.sh script can be customized:
IMAGENAME=systemvm # dont touch this
LOCATION=/var/lib/images/systemvm #
MOUNTPOINT=/mnt/$IMAGENAME/ # this is where the image is mounted on your host while the vm image is built
IMAGELOC=$LOCATION/$IMAGENAME.img
PASSWORD=password # password for the vm
APT_PROXY= #you can put in an APT cacher such as apt-cacher-ng
HOSTNAME=systemvm # dont touch this
SIZE=2000 # dont touch this for now
DEBIAN_MIRROR=ftp.us.debian.org/debian
MINIMIZE=true # if this is true, a lot of docs, fonts, locales and apt cache is wiped out
4. The systemvm includes the (non-free) Sun JRE. You can put in the standard debian jre-headless package instead but it pulls in X and bloats the image.
5. You need to be 'root' to run the buildsystemvm.sh script
6. The image is a raw image. You can run the convert.sh tool to produce images suitable for Citrix Xenserver, VMWare and KVM.
* Conversion to Citrix Xenserver VHD format requires the vhd-util tool. You can use the
-- checked in config/bin/vhd-util) OR
-- build the vhd-util tool yourself as follows:
a. The xen repository has a tool called vhd-util that compiles and runs on any linux system (http://xenbits.xensource.com/xen-4.0-testing.hg?file/8e8dd38374e9/tools/blktap2/vhd/ or full Xen source at http://www.xen.org/products/xen_source.html).
b. Apply this patch: http://lists.xensource.com/archives/cgi-bin/mesg.cgi?a=xen-devel&i=006101cb22f6%242004dd40%24600e97c0%24%40zhuo%40cloudex.cn.
c. Build the vhd-util tool
cd tools/blktap2
make
sudo make install
* Conversion to ova (VMWare) requires the ovf tool, available from
http://communities.vmware.com/community/vmtn/server/vsphere/automationtools/ovf
* Conversion to QCOW2 requires qemu-img

File diff suppressed because one or more lines are too long

View File

@ -1,5 +0,0 @@
{
"run_list": [
"recipe[csip::default]"
]
}

View File

@ -1,21 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
data_bags_path "/var/chef/data_bags"
cookbook_path "/var/chef/cookbooks"
log_level :debug
log_location STDOUT

View File

@ -1,2 +0,0 @@
These are the templates for the redundant router
and redundant vpc_router

View File

@ -1,54 +0,0 @@
{
"eth2": {
"device": "eth2",
"egress_rules": [
{
"allowed": false,
"cidr": "10.0.6.0/8",
"first_port": 60,
"last_port": 60,
"type": "tcp"
}
],
"ingress_rules": [
{
"allowed": true,
"cidr": "10.0.1.0/8",
"protocol": 41,
"type": "protocol"
},
{
"allowed": true,
"cidr": "10.0.4.0/8",
"type": "all"
},
{
"allowed": true,
"cidr": "10.0.3.0/8",
"icmp_code": -1,
"icmp_type": -1,
"type": "icmp"
},
{
"allowed": true,
"cidr": "10.0.2.0/8",
"first_port": 40,
"last_port": 40,
"type": "udp"
},
{
"allowed": true,
"cidr": "10.0.1.0/8",
"first_port": 30,
"last_port": 30,
"type": "tcp"
}
],
"mac_address": "02:00:0d:7b:00:04",
"nic_ip": "172.16.1.1",
"nic_netmask": "24",
"private_gateway_acl": false,
"type": "networkacl"
},
"id": "networkacl"
}

View File

@ -1,29 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
ip link|grep BROADCAST|grep -v eth0|grep -v eth1|cut -d ":" -f 2 > /tmp/iflist
while read i
do
ip addr show $i|grep "inet " > /tmp/iplist_$i
while read line
do
ip=`echo $line|cut -d " " -f 2|cut -d "/" -f 1`
arping -I $i -A $ip -c 1 >> [RROUTER_LOG] 2>&1
arping -I $i -A $ip -c 1 >> [RROUTER_LOG] 2>&1
done < /tmp/iplist_$i
done < /tmp/iflist
sleep 1

View File

@ -1,39 +0,0 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
sleep 1
source /root/func.sh
lock="biglock"
locked=$(getLockFile $lock)
if [ "$locked" != "1" ]
then
exit 1
fi
echo To backup called >> [RROUTER_LOG]
[RROUTER_BIN_PATH]/disable_pubip.sh >> [RROUTER_LOG] 2>&1
echo Disable public ip $? >> [RROUTER_LOG]
[RROUTER_BIN_PATH]/services.sh stop >> [RROUTER_LOG] 2>&1
[RROUTER_BIN_PATH]/primary-backup.sh backup >> [RROUTER_LOG] 2>&1
echo Switch conntrackd mode backup $? >> [RROUTER_LOG]
echo Status: BACKUP >> [RROUTER_LOG]
releaseLockFile $lock $locked
exit 0

View File

@ -1,19 +0,0 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
cat /tmp/rrouter_bumped

View File

@ -1,60 +0,0 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
ROUTER_BIN_PATH=/ramdisk/rrouter
STRIKE_FILE="$ROUTER_BIN_PATH/keepalived.strikes"
if [ -e [RROUTER_BIN_PATH]/keepalived.ts2 ]
then
lasttime=$(cat [RROUTER_BIN_PATH]/keepalived.ts2)
thistime=$(cat [RROUTER_BIN_PATH]/keepalived.ts)
diff=$(($thistime - $lasttime))
s=0
if [ $diff -lt 30 ]
then
if [ -e $STRIKE_FILE ]
then
s=`cat $STRIKE_FILE 2>/dev/null`
fi
s=$(($s+1))
echo $s > $STRIKE_FILE
else
if [ -e $STRIKE_FILE ]
then
rm $STRIKE_FILE
else
echo keepalived.strikes file does not exist! >> $ROUTER_LOG
fi
fi
#3 strikes rule
if [ $s -gt 2 ]
then
echo Keepalived process is dead! >> [RROUTER_LOG]
[RROUTER_BIN_PATH]/services.sh stop >> [RROUTER_LOG] 2>&1
[RROUTER_BIN_PATH]/disable_pubip.sh >> [RROUTER_LOG] 2>&1
[RROUTER_BIN_PATH]/primary-backup.sh fault >> [RROUTER_LOG] 2>&1
service keepalived stop >> [RROUTER_LOG] 2>&1
service conntrackd stop >> [RROUTER_LOG] 2>&1
pkill -9 keepalived >> [RROUTER_LOG] 2>&1
pkill -9 conntrackd >> [RROUTER_LOG] 2>&1
echo Status: FAULT \(keepalived process is dead\) >> [RROUTER_LOG]
exit
fi
fi
cp [RROUTER_BIN_PATH]/keepalived.ts [RROUTER_BIN_PATH]/keepalived.ts2

View File

@ -1,56 +0,0 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
source /root/func.sh
nolock=0
if [ $# -eq 1 ]
then
if [ $1 == "--no-lock" ]
then
nolock=1
fi
fi
if [ $nolock -eq 0 ]
then
lock="biglock"
locked=$(getLockFile $lock)
if [ "$locked" != "1" ]
then
exit 1
fi
fi
bumped="Bumped: NO"
if [ -e /tmp/rrouter_bumped ]
then
bumped="Bumped: YES"
fi
stat=`tail -n 1 [RROUTER_LOG] | grep "Status"`
if [ $? -eq 0 ]
then
echo "$stat&$bumped"
fi
if [ $nolock -eq 0 ]
then
unlock_exit $? $lock $locked
fi

View File

@ -1,401 +0,0 @@
#
# Synchronizer settings
#
Sync {
Mode FTFW {
#
# Size of the resend queue (in objects). This is the maximum
# number of objects that can be stored waiting to be confirmed
# via acknoledgment. If you keep this value low, the daemon
# will have less chances to recover state-changes under message
# omission. On the other hand, if you keep this value high,
# the daemon will consume more memory to store dead objects.
# Default is 131072 objects.
#
# ResendQueueSize 131072
#
# This parameter allows you to set an initial fixed timeout
# for the committed entries when this node goes from backup
# to primary. This mechanism provides a way to purge entries
# that were not recovered appropriately after the specified
# fixed timeout. If you set a low value, TCP entries in
# Established states with no traffic may hang. For example,
# an SSH connection without KeepAlive enabled. If not set,
# the daemon uses an approximate timeout value calculation
# mechanism. By default, this option is not set.
#
# CommitTimeout 180
#
# If the firewall replica goes from primary to backup,
# the conntrackd -t command is invoked in the script.
# This command schedules a flush of the table in N seconds.
# This is useful to purge the connection tracking table of
# zombie entries and avoid clashes with old entries if you
# trigger several consecutive hand-overs. Default is 60 seconds.
#
# PurgeTimeout 60
# Set the acknowledgement window size. If you decrease this
# value, the number of acknowlegdments increases. More
# acknowledgments means more overhead as conntrackd has to
# handle more control messages. On the other hand, if you
# increase this value, the resend queue gets more populated.
# This results in more overhead in the queue releasing.
# The following value is based on some practical experiments
# measuring the cycles spent by the acknowledgment handling
# with oprofile. If not set, default window size is 300.
#
# ACKWindowSize 300
#
# This clause allows you to disable the external cache. Thus,
# the state entries are directly injected into the kernel
# conntrack table. As a result, you save memory in user-space
# but you consume slots in the kernel conntrack table for
# backup state entries. Moreover, disabling the external cache
# means more CPU consumption. You need a Linux kernel
# >= 2.6.29 to use this feature. By default, this clause is
# set off. If you are installing conntrackd for first time,
# please read the user manual and I encourage you to consider
# using the fail-over scripts instead of enabling this option!
#
# DisableExternalCache Off
}
#
# Multicast IP and interface where messages are
# broadcasted (dedicated link). IMPORTANT: Make sure
# that iptables accepts traffic for destination
# 225.0.0.50, eg:
#
# iptables -I INPUT -d 225.0.0.50 -j ACCEPT
# iptables -I OUTPUT -d 225.0.0.50 -j ACCEPT
#
Multicast {
#
# Multicast address: The address that you use as destination
# in the synchronization messages. You do not have to add
# this IP to any of your existing interfaces. If any doubt,
# do not modify this value.
#
IPv4_address 225.0.0.50
#
# The multicast group that identifies the cluster. If any
# doubt, do not modify this value.
#
Group 3780
#
# IP address of the interface that you are going to use to
# send the synchronization messages. Remember that you must
# use a dedicated link for the synchronization messages.
#
IPv4_interface [LINK_IP]
#
# The name of the interface that you are going to use to
# send the synchronization messages.
#
Interface [LINK_IF]
# The multicast sender uses a buffer to enqueue the packets
# that are going to be transmitted. The default size of this
# socket buffer is available at /proc/sys/net/core/wmem_default.
# This value determines the chances to have an overrun in the
# sender queue. The overrun results packet loss, thus, losing
# state information that would have to be retransmitted. If you
# notice some packet loss, you may want to increase the size
# of the sender buffer. The default size is usually around
# ~100 KBytes which is fairly small for busy firewalls.
#
SndSocketBuffer 1249280
# The multicast receiver uses a buffer to enqueue the packets
# that the socket is pending to handle. The default size of this
# socket buffer is available at /proc/sys/net/core/rmem_default.
# This value determines the chances to have an overrun in the
# receiver queue. The overrun results packet loss, thus, losing
# state information that would have to be retransmitted. If you
# notice some packet loss, you may want to increase the size of
# the receiver buffer. The default size is usually around
# ~100 KBytes which is fairly small for busy firewalls.
#
RcvSocketBuffer 1249280
#
# Enable/Disable message checksumming. This is a good
# property to achieve fault-tolerance. In case of doubt, do
# not modify this value.
#
Checksum on
}
#
# You can specify more than one dedicated link. Thus, if one dedicated
# link fails, conntrackd can fail-over to another. Note that adding
# more than one dedicated link does not mean that state-updates will
# be sent to all of them. There is only one active dedicated link at
# a given moment. The `Default' keyword indicates that this interface
# will be selected as the initial dedicated link. You can have
# up to 4 redundant dedicated links. Note: Use different multicast
# groups for every redundant link.
#
# Multicast Default {
# IPv4_address 225.0.0.51
# Group 3781
# IPv4_interface 192.168.100.101
# Interface eth3
# # SndSocketBuffer 1249280
# # RcvSocketBuffer 1249280
# Checksum on
# }
#
# You can use Unicast UDP instead of Multicast to propagate events.
# Note that you cannot use unicast UDP and Multicast at the same
# time, you can only select one.
#
# UDP {
#
# UDP address that this firewall uses to listen to events.
#
# IPv4_address 192.168.2.100
#
# or you may want to use an IPv6 address:
#
# IPv6_address fe80::215:58ff:fe28:5a27
#
# Destination UDP address that receives events, ie. the other
# firewall's dedicated link address.
#
# IPv4_Destination_Address 192.168.2.101
#
# or you may want to use an IPv6 address:
#
# IPv6_Destination_Address fe80::2d0:59ff:fe2a:775c
#
# UDP port used
#
# Port 3780
#
# The name of the interface that you are going to use to
# send the synchronization messages.
#
# Interface eth2
#
# The sender socket buffer size
#
# SndSocketBuffer 1249280
#
# The receiver socket buffer size
#
# RcvSocketBuffer 1249280
#
# Enable/Disable message checksumming.
#
# Checksum on
# }
}
#
# General settings
#
General {
#
# Set the nice value of the daemon, this value goes from -20
# (most favorable scheduling) to 19 (least favorable). Using a
# very low value reduces the chances to lose state-change events.
# Default is 0 but this example file sets it to most favourable
# scheduling as this is generally a good idea. See man nice(1) for
# more information.
#
Nice -20
#
# Select a different scheduler for the daemon, you can select between
# RR and FIFO and the process priority (minimum is 0, maximum is 99).
# See man sched_setscheduler(2) for more information. Using a RT
# scheduler reduces the chances to overrun the Netlink buffer.
#
# Scheduler {
# Type FIFO
# Priority 99
# }
#
# Number of buckets in the cache hashtable. The bigger it is,
# the closer it gets to O(1) at the cost of consuming more memory.
# Read some documents about tuning hashtables for further reference.
#
HashSize 32768
#
# Maximum number of conntracks, it should be double of:
# $ cat /proc/sys/net/netfilter/nf_conntrack_max
# since the daemon may keep some dead entries cached for possible
# retransmission during state synchronization.
#
HashLimit 131072
#
# Logfile: on (/var/log/conntrackd.log), off, or a filename
# Default: off
#
LogFile on
#
# Syslog: on, off or a facility name (daemon (default) or local0..7)
# Default: off
#
#Syslog on
#
# Lockfile
#
LockFile /var/lock/conntrack.lock
#
# Unix socket configuration
#
UNIX {
Path /var/run/conntrackd.ctl
Backlog 20
}
#
# Netlink event socket buffer size. If you do not specify this clause,
# the default buffer size value in /proc/net/core/rmem_default is
# used. This default value is usually around 100 Kbytes which is
# fairly small for busy firewalls. This leads to event message dropping
# and high CPU consumption. This example configuration file sets the
# size to 2 MBytes to avoid this sort of problems.
#
NetlinkBufferSize 2097152
#
# The daemon doubles the size of the netlink event socket buffer size
# if it detects netlink event message dropping. This clause sets the
# maximum buffer size growth that can be reached. This example file
# sets the size to 8 MBytes.
#
NetlinkBufferSizeMaxGrowth 8388608
#
# If the daemon detects that Netlink is dropping state-change events,
# it automatically schedules a resynchronization against the Kernel
# after 30 seconds (default value). Resynchronizations are expensive
# in terms of CPU consumption since the daemon has to get the full
# kernel state-table and purge state-entries that do not exist anymore.
# Be careful of setting a very small value here. You have the following
# choices: On (enabled, use default 30 seconds value), Off (disabled)
# or Value (in seconds, to set a specific amount of time). If not
# specified, the daemon assumes that this option is enabled.
#
# NetlinkOverrunResync On
#
# If you want reliable event reporting over Netlink, set on this
# option. If you set on this clause, it is a good idea to set off
# NetlinkOverrunResync. This option is off by default and you need
# a Linux kernel >= 2.6.31.
#
# NetlinkEventsReliable Off
#
# By default, the daemon receives state updates following an
# event-driven model. You can modify this behaviour by switching to
# polling mode with the PollSecs clause. This clause tells conntrackd
# to dump the states in the kernel every N seconds. With regards to
# synchronization mode, the polling mode can only guarantee that
# long-lifetime states are recovered. The main advantage of this method
# is the reduction in the state replication at the cost of reducing the
# chances of recovering connections.
#
# PollSecs 15
#
# The daemon prioritizes the handling of state-change events coming
# from the core. With this clause, you can set the maximum number of
# state-change events (those coming from kernel-space) that the daemon
# will handle after which it will handle other events coming from the
# network or userspace. A low value improves interactivity (in terms of
# real-time behaviour) at the cost of extra CPU consumption.
# Default (if not set) is 100.
#
# EventIterationLimit 100
#
# Event filtering: This clause allows you to filter certain traffic,
# There are currently three filter-sets: Protocol, Address and
# State. The filter is attached to an action that can be: Accept or
# Ignore. Thus, you can define the event filtering policy of the
# filter-sets in positive or negative logic depending on your needs.
# You can select if conntrackd filters the event messages from
# user-space or kernel-space. The kernel-space event filtering
# saves some CPU cycles by avoiding the copy of the event message
# from kernel-space to user-space. The kernel-space event filtering
# is prefered, however, you require a Linux kernel >= 2.6.29 to
# filter from kernel-space. If you want to select kernel-space
# event filtering, use the keyword 'Kernelspace' instead of
# 'Userspace'.
#
Filter From Userspace {
#
# Accept only certain protocols: You may want to replicate
# the state of flows depending on their layer 4 protocol.
#
Protocol Accept {
TCP
SCTP
DCCP
# UDP
# ICMP # This requires a Linux kernel >= 2.6.31
}
#
# Ignore traffic for a certain set of IP's: Usually all the
# IP assigned to the firewall since local traffic must be
# ignored, only forwarded connections are worth to replicate.
# Note that these values depends on the local IPs that are
# assigned to the firewall.
#
Address Ignore {
IPv4_address 127.0.0.1 # loopback
IPv4_address [IGNORE_IP1]
IPv4_address [IGNORE_IP2]
IPv4_address [IGNORE_IP3]
#IPv4_address 192.168.0.100 # virtual IP 1
#IPv4_address 192.168.1.100 # virtual IP 2
#IPv4_address 192.168.0.1
#IPv4_address 192.168.1.1
#IPv4_address 192.168.100.100 # dedicated link ip
#
# You can also specify networks in format IP/cidr.
# IPv4_address 192.168.0.0/24
#
# You can also specify an IPv6 address
# IPv6_address ::1
}
#
# Uncomment this line below if you want to filter by flow state.
# This option introduces a trade-off in the replication: it
# reduces CPU consumption at the cost of having lazy backup
# firewall replicas. The existing TCP states are: SYN_SENT,
# SYN_RECV, ESTABLISHED, FIN_WAIT, CLOSE_WAIT, LAST_ACK,
# TIME_WAIT, CLOSED, LISTEN.
#
# State Accept {
# ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP
# }
}
}

View File

@ -1,23 +0,0 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
ip link|grep BROADCAST|grep -v eth0|grep -v eth1|cut -d ":" -f 2 > /tmp/iflist
while read i
do
ifconfig $i down
done < /tmp/iflist

View File

@ -1,50 +0,0 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
ip link|grep BROADCAST|grep -v eth0|grep -v eth1|cut -d ":" -f 2 > /tmp/iflist
ip addr show eth2 | grep "inet" 2>&1 > /dev/null
is_init=$?
set -e
while read i
do
# if eth2'ip has already been configured, we would use ifconfig rather than ifdown/ifup
if [ "$i" == "eth2" -a "$is_init" != "0" ]
then
ifdown $i
ifup $i
else
ifconfig $i down
ifconfig $i up
fi
done < /tmp/iflist
ip route add default via [GATEWAY] dev eth2
while read line
do
dev=$(echo $line | awk '{print $1'})
gw=$(echo $line | awk '{print $2'})
if [ "$dev" == "eth2" ]
then
continue;
fi
ip route add default via $gw table Table_$dev proto static
done < /var/cache/cloud/ifaceGwIp

View File

@ -1,37 +0,0 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
source /root/func.sh
lock="biglock"
locked=$(getLockFile $lock)
if [ "$locked" != "1" ]
then
exit 1
fi
echo To fault called >> [RROUTER_LOG]
[RROUTER_BIN_PATH]/disable_pubip.sh >> [RROUTER_LOG] 2>&1
echo Disable public ip >> [RROUTER_LOG]
[RROUTER_BIN_PATH]/services.sh stop >> [RROUTER_LOG] 2>&1
echo Stop services $? >> [RROUTER_LOG]
[RROUTER_BIN_PATH]/primary-backup.sh fault >> [RROUTER_LOG] 2>&1
echo Switch conntrackd mode fault $? >> [RROUTER_LOG]
echo Status: FAULT >> [RROUTER_LOG]
releaseLockFile $lock $locked

View File

@ -1,20 +0,0 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
t=$(date +%s)
echo $t > [RROUTER_BIN_PATH]/keepalived.ts

View File

@ -1,57 +0,0 @@
! Licensed to the Apache Software Foundation (ASF) under one
! or more contributor license agreements. See the NOTICE file
! distributed with this work for additional information
! regarding copyright ownership. The ASF licenses this file
! to you under the Apache License, Version 2.0 (the
! "License"); you may not use this file except in compliance
! with the License. You may obtain a copy of the License at
!
! http://www.apache.org/licenses/LICENSE-2.0
!
! Unless required by applicable law or agreed to in writing,
! software distributed under the License is distributed on an
! "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
! KIND, either express or implied. See the License for the
! specific language governing permissions and limitations
! under the License.
global_defs {
router_id [ROUTER_ID]
}
vrrp_script check_bumpup {
script "[RROUTER_BIN_PATH]/check_bumpup.sh"
interval 5
weight [DELTA]
}
vrrp_script heartbeat {
script "[RROUTER_BIN_PATH]/heartbeat.sh"
interval 10
}
vrrp_instance inside_network {
state BACKUP
interface eth0
virtual_router_id 51
priority [PRIORITY]
advert_int 1
authentication {
auth_type PASS
auth_pass WORD
}
virtual_ipaddress {
[ROUTER_IP] brd [BOARDCAST] dev eth0
}
track_script {
check_bumpup
heartbeat
}
notify_master "[RROUTER_BIN_PATH]/master.sh"
notify_backup "[RROUTER_BIN_PATH]/backup.sh"
notify_fault "[RROUTER_BIN_PATH]/fault.sh"
}

View File

@ -1,60 +0,0 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
source /root/func.sh
lock="biglock"
locked=$(getLockFile $lock)
if [ "$locked" != "1" ]
then
exit 1
fi
echo To master called >> [RROUTER_LOG]
[RROUTER_BIN_PATH]/enable_pubip.sh >> [RROUTER_LOG] 2>&1
ret=$?
if [ $ret -eq 0 ]
then
[RROUTER_BIN_PATH]/services.sh restart >> [RROUTER_LOG] 2>&1
ret=$?
fi
last_msg=`tail -n 1 [RROUTER_LOG]`
echo Enable public ip returned $ret >> [RROUTER_LOG]
if [ $ret -ne 0 ]
then
echo Fail to enable public ip! >> [RROUTER_LOG]
[RROUTER_BIN_PATH]/disable_pubip.sh >> [RROUTER_LOG] 2>&1
[RROUTER_BIN_PATH]/services.sh stop >> [RROUTER_LOG] 2>&1
service keepalived stop >> [RROUTER_LOG] 2>&1
service conntrackd stop >> [RROUTER_LOG] 2>&1
echo Status: FAULT \($last_msg\) >> [RROUTER_LOG]
releaseLockFile $lock $locked
exit
fi
[RROUTER_BIN_PATH]/primary-backup.sh primary >> [RROUTER_LOG] 2>&1
ret=$?
echo Switch conntrackd mode primary returned $ret >> [RROUTER_LOG]
if [ $ret -ne 0 ]
then
echo Fail to switch conntrackd mode, but try to continue working >> [RROUTER_LOG]
fi
[RROUTER_BIN_PATH]/arping_gateways.sh
echo Status: MASTER >> [RROUTER_LOG]
releaseLockFile $lock $locked
exit 0

View File

@ -1,126 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
CONNTRACKD_BIN=/usr/sbin/conntrackd
CONNTRACKD_LOCK=/var/lock/conntrack.lock
CONNTRACKD_CONFIG=/etc/conntrackd/conntrackd.conf
CONNTRACKD_LOG=[RROUTER_LOG]
case "$1" in
primary)
#
# commit the external cache into the kernel table
#
$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -c
if [ $? -eq 1 ]
then
logger "ERROR: failed to invoke conntrackd -c"
fi
#
# flush the internal and the external caches
#
$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -f
if [ $? -eq 1 ]
then
logger "ERROR: failed to invoke conntrackd -f"
fi
#
# resynchronize my internal cache to the kernel table
#
$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -R
if [ $? -eq 1 ]
then
logger "ERROR: failed to invoke conntrackd -R"
fi
#
# send a bulk update to backups
#
$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -B
if [ $? -eq 1 ]
then
logger "ERROR: failed to invoke conntrackd -B"
fi
echo Conntrackd switch to primary done >> $CONNTRACKD_LOG
;;
backup)
#
# is conntrackd running? request some statistics to check it
#
$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -s
if [ $? -eq 1 ]
then
#
# something's wrong, do we have a lock file?
#
if [ -f $CONNTRACKD_LOCK ]
then
logger "WARNING: conntrackd was not cleanly stopped."
logger "If you suspect that it has crashed:"
logger "1) Enable coredumps"
logger "2) Try to reproduce the problem"
logger "3) Post the coredump to netfilter-devel@vger.kernel.org"
rm -f $CONNTRACKD_LOCK
fi
$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -d
if [ $? -eq 1 ]
then
logger "ERROR: cannot launch conntrackd"
exit 1
fi
fi
#
# shorten kernel conntrack timers to remove the zombie entries.
#
$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -t
if [ $? -eq 1 ]
then
logger "ERROR: failed to invoke conntrackd -t"
fi
#
# request resynchronization with master firewall replica (if any)
# Note: this does nothing in the alarm approach.
#
$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -n
if [ $? -eq 1 ]
then
logger "ERROR: failed to invoke conntrackd -n"
fi
echo Conntrackd switch to backup done >> $CONNTRACKD_LOG
;;
fault)
#
# shorten kernel conntrack timers to remove the zombie entries.
#
$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -t
if [ $? -eq 1 ]
then
logger "ERROR: failed to invoke conntrackd -t"
fi
echo Conntrackd switch to fault done >> $CONNTRACKD_LOG
;;
*)
logger "conntrackd: ERROR: unknown state transition: " $1
echo "Usage: primary-backup.sh {primary|backup|fault}"
exit 1
;;
esac
exit 0

View File

@ -1,68 +0,0 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
vpn_service() {
ps aux|grep ipsec | grep -v grep > /dev/null
no_vpn=$?
if [ $no_vpn -eq 1 ]
then
return 0
fi
r=0
case "$1" in
stop)
service ipsec stop && \
service xl2tpd stop
r=$?
;;
restart)
service ipsec restart && \
service xl2tpd restart
r=$?
;;
esac
return $r
}
ret=0
case "$1" in
start)
vpn_service restart && \
service cloud-passwd-srvr start && \
service dnsmasq start
ret=$?
;;
stop)
vpn_service stop && \
service cloud-passwd-srvr stop && \
service dnsmasq stop
ret=$?
;;
restart)
vpn_service restart && \
service cloud-passwd-srvr restart && \
service dnsmasq restart
ret=$?
;;
*)
echo "Usage: services {start|stop|restart}"
exit 1
;;
esac
exit $ret

View File

@ -1,64 +0,0 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
begin=$(date +%s)
echo "Backing up systemvm.img"
cp systemvm.img systemvm.img.tmp
echo "Converting raw image to fixed vhd"
vhd-util convert -s 0 -t 1 -i systemvm.img.tmp -o systemvm.vhd &> /dev/null
echo "Converting fixed vhd to dynamic vhd"
vhd-util convert -s 1 -t 2 -i systemvm.vhd -o systemvm.vhd &> /dev/null
echo "Compressing vhd..."
bzip2 -c systemvm.vhd > systemvm.vhd.bz2
echo "Done VHD"
echo "Converting raw image to qcow2"
qemu-img convert -f raw -O qcow2 systemvm.img systemvm.qcow2
echo "Compressing qcow2..."
bzip2 -c systemvm.qcow2 > systemvm.qcow2.bz2
echo "Done qcow2"
echo "Converting raw image to vmdk"
qemu-img convert -f raw -O vmdk systemvm.img systemvm.vmdk
echo "Done creating vmdk"
echo "Creating ova appliance "
ovftool systemvm.vmx systemvm.ova
echo "Done creating OVA"
echo "Cleaning up..."
rm -vf systemvm.vmdk
rm -vf systemvm.vhd.bak
echo "Compressing raw image..."
bzip2 -c systemvm.img > systemvm.img.bz2
echo "Done compressing raw image"
echo "Generating md5sums"
md5sum systemvm.img > md5sum
md5sum systemvm.img.bz2 >> md5sum
md5sum systemvm.vhd >> md5sum
md5sum systemvm.vhd.bz2 >> md5sum
md5sum systemvm.qcow2 >> md5sum
md5sum systemvm.qcow2.bz2 >> md5sum
md5sum systemvm.ova >> md5sum
fin=$(date +%s)
t=$((fin-begin))
echo "Finished compressing/converting image in $t seconds"

View File

@ -235,4 +235,3 @@ Listen 10.1.1.1:80
<IfModule mod_gnutls.c> <IfModule mod_gnutls.c>
Listen 10.1.1.1:443 Listen 10.1.1.1:443
</IfModule> </IfModule>

View File

@ -1,2 +1 @@
SUBSYSTEM=="net" KERNEL=="eth*" RUN+="/opt/cloud/bin/cloud-nic.sh $env{ACTION} %k" SUBSYSTEM=="net" KERNEL=="eth*" RUN+="/opt/cloud/bin/cloud-nic.sh $env{ACTION} %k"

View File

@ -31,4 +31,3 @@ COMMIT
-A INPUT -i lo -j ACCEPT -A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -p tcp -m state --state NEW --dport 3922 -j ACCEPT -A INPUT -i eth1 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
COMMIT COMMIT

Some files were not shown because too many files have changed in this diff Show More