CLOUDSTACK-10013: SystemVM.iso refactoring and cleanups

- Removes old/dead files - Refactors file path/location, backward compatible to filepaths in systemvm.isoa - Fixes failures around apache2
2025-10-26 08:42:29 +01:00 · 2017-11-26 13:32:33 +05:30 · 2017-11-26 13:32:33 +05:30 · 9aa7d4e818
commit 9aa7d4e818
parent 0102e8593d
257 changed files with 866 additions and 4304 deletions
--- a/agent-simulator/tomcatconf/commands-simulator.properties.in
+++ b/agent-simulator/tomcatconf/commands-simulator.properties.in
@ -1,21 +0,0 @@
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 # 
 #   http://www.apache.org/licenses/LICENSE-2.0
 # 
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 configureSimulator=com.cloud.api.commands.ConfigureSimulatorCmd;1
 querySimulatorMock=com.cloud.api.commands.QuerySimulatorMockCmd;1
 cleanupSimulatorMock=com.cloud.api.commands.CleanupSimulatorMockCmd;1
--- a/client/pom.xml
+++ b/client/pom.xml
@ -798,7 +798,6 @@
                  <target>
                    <copy todir="${basedir}/target/common/vms">
                      <fileset dir="${basedir}/../systemvm/dist">
                        <include name="systemvm.zip"/>
                        <include name="systemvm.iso"/>
                      </fileset>
                    </copy>
--- a/developer/developer-prefill.sql
+++ b/developer/developer-prefill.sql
@ -112,7 +112,7 @@ INSERT INTO `cloud`.`configuration` (category, instance, component, name, value)
 INSERT INTO `cloud`.`configuration` (category, instance, component, name, value)
            VALUES ('Advanced', 'DEFAULT', 'management-server',
-            'ping.timeout', '1.5');
+            'ping.timeout', '2.0');
 -- Enable dynamic RBAC by default for fresh deployments
 INSERT INTO `cloud`.`configuration` (category, instance, component, name, value)
--- a/pom.xml
+++ b/pom.xml
@ -920,35 +920,12 @@
              <exclude>ui/lib/reset.css</exclude>
              <exclude>ui/lib/require.js</exclude>
              <exclude>utils/testsmallfileinactive</exclude>
-              <exclude>systemvm/conf/agent.properties</exclude>
+              <exclude>systemvm/agent/conf/agent.properties</exclude>
-              <exclude>systemvm/conf/environment.properties</exclude>
+              <exclude>systemvm/agent/conf/environment.properties</exclude>
-              <exclude>systemvm/js/jquery.js</exclude>
+              <exclude>systemvm/agent/js/jquery.js</exclude>
-              <exclude>systemvm/js/jquery.flot.navigate.js</exclude>
+              <exclude>systemvm/agent/js/jquery.flot.navigate.js</exclude>
-              <exclude>systemvm/patches/debian/systemvm.vmx</exclude>
+              <exclude>systemvm/patches/debian/**</exclude>
-              <exclude>systemvm/patches/debian/config/root/.ssh/authorized_keys</exclude>
+              <exclude>systemvm/patches/vpn/**</exclude>
              <exclude>systemvm/patches/debian/config/etc/apache2/httpd.conf</exclude>
              <exclude>systemvm/patches/debian/config/etc/apache2/vhost.template</exclude>
              <exclude>systemvm/patches/debian/config/etc/dnsmasq.conf.tmpl</exclude>
              <exclude>systemvm/patches/debian/config/etc/vpcdnsmasq.conf</exclude>
              <exclude>systemvm/patches/debian/config/etc/ssh/sshd_config</exclude>
              <exclude>systemvm/patches/debian/config/etc/rsyslog.conf</exclude>
              <exclude>systemvm/patches/debian/config/etc/logrotate.conf</exclude>
              <exclude>systemvm/patches/debian/config/etc/logrotate.d/*</exclude>
              <exclude>systemvm/patches/debian/config/etc/sysctl.conf</exclude>
              <exclude>systemvm/patches/debian/config/root/redundant_router/keepalived.conf.templ</exclude>
              <exclude>systemvm/patches/debian/config/root/redundant_router/arping_gateways.sh.templ</exclude>
              <exclude>systemvm/patches/debian/config/root/redundant_router/conntrackd.conf.templ</exclude>
              <exclude>systemvm/patches/debian/vpn/etc/ipsec.conf</exclude>
              <exclude>systemvm/patches/debian/vpn/etc/ppp/options.xl2tpd</exclude>
              <exclude>systemvm/patches/debian/vpn/etc/xl2tpd/xl2tpd.conf</exclude>
              <exclude>systemvm/patches/debian/vpn/etc/ipsec.secrets</exclude>
              <exclude>systemvm/patches/debian/config/etc/haproxy/haproxy.cfg</exclude>
              <exclude>systemvm/patches/debian/config/etc/cloud-nic.rules</exclude>
              <exclude>systemvm/patches/debian/config/etc/modprobe.d/aesni_intel</exclude>
              <exclude>systemvm/patches/debian/config/etc/rc.local</exclude>
              <exclude>systemvm/patches/debian/config/var/www/html/userdata/.htaccess</exclude>
              <exclude>systemvm/patches/debian/config/var/www/html/latest/.htaccess</exclude>
              <exclude>systemvm/patches/debian/vpn/etc/ipsec.d/l2tp.conf</exclude>
              <exclude>tools/transifex/.tx/config</exclude>
              <exclude>tools/logo/apache_cloudstack.png</exclude>
              <exclude>tools/marvin/marvin/sandbox/advanced/sandbox.cfg</exclude>
--- a/setup/dev/advanced.cfg
+++ b/setup/dev/advanced.cfg
@ -231,7 +231,7 @@
        },
        {
            "name": "ping.timeout",
-            "value": "1.5"
+            "value": "2.0"
        }
    ],
    "mgtSvr": [
--- a/systemvm/agent/certs/localhost.crt
+++ b/systemvm/agent/certs/localhost.crt
--- a/systemvm/agent/certs/localhost.key
+++ b/systemvm/agent/certs/localhost.key
--- a/systemvm/agent/certs/realhostip.crt
+++ b/systemvm/agent/certs/realhostip.crt
--- a/systemvm/agent/certs/realhostip.csr
+++ b/systemvm/agent/certs/realhostip.csr
--- a/systemvm/agent/certs/realhostip.key
+++ b/systemvm/agent/certs/realhostip.key
--- a/systemvm/agent/certs/realhostip.keystore
+++ b/systemvm/agent/certs/realhostip.keystore
--- a/systemvm/agent/conf/agent.properties
+++ b/systemvm/agent/conf/agent.properties
--- a/systemvm/agent/conf/consoleproxy.properties
+++ b/systemvm/agent/conf/consoleproxy.properties
--- a/systemvm/agent/conf/environment.properties
+++ b/systemvm/agent/conf/environment.properties
--- a/systemvm/agent/conf/log4j-cloud.xml
+++ b/systemvm/agent/conf/log4j-cloud.xml
--- a/systemvm/agent/css/ajaxviewer.css
+++ b/systemvm/agent/css/ajaxviewer.css
--- a/systemvm/agent/css/logger.css
+++ b/systemvm/agent/css/logger.css
@ -136,4 +136,3 @@ a:hover.logwin_minimizebutton {
    height: 477px;
    background: white;
 }
--- a/systemvm/agent/images/back.gif
+++ b/systemvm/agent/images/back.gif
--- a/systemvm/agent/images/bright-green.png
+++ b/systemvm/agent/images/bright-green.png
--- a/systemvm/agent/images/cad.gif
+++ b/systemvm/agent/images/cad.gif
--- a/systemvm/agent/images/cannotconnect.jpg
+++ b/systemvm/agent/images/cannotconnect.jpg
--- a/systemvm/agent/images/clr_button.gif
+++ b/systemvm/agent/images/clr_button.gif
--- a/systemvm/agent/images/clr_button_hover.gif
+++ b/systemvm/agent/images/clr_button_hover.gif
--- a/systemvm/agent/images/dot.cur
+++ b/systemvm/agent/images/dot.cur
--- a/systemvm/agent/images/gray-green.png
+++ b/systemvm/agent/images/gray-green.png
--- a/systemvm/agent/images/grid_headerbg.gif
+++ b/systemvm/agent/images/grid_headerbg.gif
--- a/systemvm/agent/images/left.png
+++ b/systemvm/agent/images/left.png
--- a/systemvm/agent/images/minimize_button.gif
+++ b/systemvm/agent/images/minimize_button.gif
--- a/systemvm/agent/images/minimize_button_hover.gif
+++ b/systemvm/agent/images/minimize_button_hover.gif
--- a/systemvm/agent/images/notready.jpg
+++ b/systemvm/agent/images/notready.jpg
--- a/systemvm/agent/images/play_button.gif
+++ b/systemvm/agent/images/play_button.gif
--- a/systemvm/agent/images/play_button_hover.gif
+++ b/systemvm/agent/images/play_button_hover.gif
--- a/systemvm/agent/images/right.png
+++ b/systemvm/agent/images/right.png
--- a/systemvm/agent/images/right2.png
+++ b/systemvm/agent/images/right2.png
--- a/systemvm/agent/images/shrink_button.gif
+++ b/systemvm/agent/images/shrink_button.gif
--- a/systemvm/agent/images/shrink_button_hover.gif
+++ b/systemvm/agent/images/shrink_button_hover.gif
--- a/systemvm/agent/images/stop_button.gif
+++ b/systemvm/agent/images/stop_button.gif
--- a/systemvm/agent/images/stop_button_hover.gif
+++ b/systemvm/agent/images/stop_button_hover.gif
--- a/systemvm/agent/images/winlog.png
+++ b/systemvm/agent/images/winlog.png
--- a/systemvm/agent/js/ajaxkeys.js
+++ b/systemvm/agent/js/ajaxkeys.js
--- a/systemvm/agent/js/ajaxviewer.js
+++ b/systemvm/agent/js/ajaxviewer.js
@ -712,17 +712,17 @@ AjaxViewer.prototype = {
 		mapper.jsX11KeysymMap[AjaxViewer.JS_KEY_JP_BACK_SLASH] = AjaxViewer.X11_KEY_REVERSE_SOLIUS;		// X11 REVERSE SOLIDUS
 		mapper.jsX11KeysymMap[AjaxViewer.JS_KEY_JP_YEN_MARK] = AjaxViewer.X11_KEY_YEN_MARK;				// X11 YEN SIGN
 		mapper.jsKeyPressX11KeysymMap[61] = [
-    	    {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_CIRCUMFLEX_ACCENT, modifiers: 0 },
+	    {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_CIRCUMFLEX_ACCENT, modifiers: 0 },
-    	    {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_CIRCUMFLEX_ACCENT, modifiers: 0 },
+	    {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_CIRCUMFLEX_ACCENT, modifiers: 0 },
-    	];
+	];
 		mapper.jsKeyPressX11KeysymMap[43] = [
-    	    {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_SHIFT, modifiers: 0, shift: false },
+	    {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_SHIFT, modifiers: 0, shift: false },
-    	    {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_ADD, modifiers: 0, shift: false },
+	    {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_ADD, modifiers: 0, shift: false },
-    	    {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_ADD, modifiers: 0, shift: false },
+	    {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_ADD, modifiers: 0, shift: false },
-    	    {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_SHIFT, modifiers: 0, shift: false },
+	    {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_SHIFT, modifiers: 0, shift: false },
-    	    {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_TILDE, modifiers: 0, shift: true },
+	    {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_TILDE, modifiers: 0, shift: true },
-    	    {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_TILDE, modifiers: 0, shift: true }
+	    {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_TILDE, modifiers: 0, shift: true }
        ];
 */
@ -736,24 +736,24 @@ AjaxViewer.prototype = {
 		mapper.jsX11KeysymMap[186] = AjaxViewer.X11_KEY_COLON;					// Chrome
 		mapper.jsX11KeysymMap[226] = AjaxViewer.X11_KEY_REVERSE_SOLIUS;			// \| key left to right SHIFT on JP keyboard
 		mapper.jsX11KeysymMap[240] = [
-      	    {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_CAPSLOCK, modifiers: 0 },
+	    {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_CAPSLOCK, modifiers: 0 },
-    	    {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_CAPSLOCK, modifiers: 0 },
+	    {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_CAPSLOCK, modifiers: 0 },
-    	];
+	];
 		// for keycode 107, keypress 59
 		mapper.jsKeyPressX11KeysymMap[59] = [
-    	    {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_SEMI_COLON, modifiers: 0 },
+	    {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_SEMI_COLON, modifiers: 0 },
-    	    {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_SEMI_COLON, modifiers: 0 },
+	    {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_SEMI_COLON, modifiers: 0 },
-    	];
+	];
 		// for keycode 107, keypress 43
 		mapper.jsKeyPressX11KeysymMap[43] = [
-     	    {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_SHIFT, modifiers: 0, shift: false },
+	    {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_SHIFT, modifiers: 0, shift: false },
-    	    {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_ADD, modifiers: 0, shift: false },
+	    {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_ADD, modifiers: 0, shift: false },
-    	    {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_ADD, modifiers: 0, shift: false },
+	    {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_ADD, modifiers: 0, shift: false },
-    	    {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_SHIFT, modifiers: 0, shift: false },
+	    {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_SHIFT, modifiers: 0, shift: false },
-       	    {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_ADD, modifiers: 0, shift: true },
+	    {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_ADD, modifiers: 0, shift: true },
-       	    {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_ADD, modifiers: 0, shift: true },
+	    {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_ADD, modifiers: 0, shift: true },
        ];
 */
@ -1437,4 +1437,3 @@ AjaxViewer.prototype = {
 		return modifiers;
 	}
 };
--- a/systemvm/agent/js/cloud.logger.js
+++ b/systemvm/agent/js/cloud.logger.js
@ -65,10 +65,10 @@ Logger.prototype = {
 				'<div class="logwin">',
 				'<div class="logwin_title">',
 					'<div class="logwin_title_actionbox">',
-		        		'<a class="logwin_playbutton" href="#" cmd="1"></a>', 
+					'<a class="logwin_playbutton" href="#" cmd="1"></a>',
-		        		'<a class="logwin_stopbutton" href="#" cmd="2"></a>',
+					'<a class="logwin_stopbutton" href="#" cmd="2"></a>',
-		        		'<a class="logwin_clrbutton" href="#" cmd="3"></a>',
+					'<a class="logwin_clrbutton" href="#" cmd="3"></a>',
-		        		'<form action="#">',
+					'<form action="#">',
 						'<select class="select" id="template_type">',
 		                  '<option value="0">TRACE</option>',
 		                  '<option value="1">DEBUG</option>',
@ -76,11 +76,11 @@ Logger.prototype = {
 		                  '<option value="3">WARN</option>',
 		                  '<option value="4">ERROR</option>',
 		                  '<option value="5">FATAL</option>',
-		         		'</select>',
+					'</select>',
-		         		'</form>',
+					'</form>',
 		            '</div>',
 		            '<div class="logwin_title_rgtactionbox">',
-			        	'<a class="logwin_minimizebutton" href="#" cmd="4"></a>',
+					'<a class="logwin_minimizebutton" href="#" cmd="4"></a>',
 			            '<a class="logwin_shrinkbutton" href="#" cmd="5"></a>',
 		            '</div>',
 				'</div>',
@ -335,4 +335,3 @@ Logger.prototype = {
 		}
 	}
 };
--- a/systemvm/agent/js/handler.js
+++ b/systemvm/agent/js/handler.js
--- a/systemvm/agent/js/jquery.flot.navigate.js
+++ b/systemvm/agent/js/jquery.flot.navigate.js
--- a/systemvm/agent/js/jquery.js
+++ b/systemvm/agent/js/jquery.js
--- a/systemvm/agent/scripts/_run.sh
+++ b/systemvm/agent/scripts/_run.sh
--- a/systemvm/agent/scripts/config_auth.sh
+++ b/systemvm/agent/scripts/config_auth.sh
--- a/systemvm/agent/scripts/config_ssl.sh
+++ b/systemvm/agent/scripts/config_ssl.sh
@ -47,8 +47,6 @@ config_apache2_conf() {
  cp -f /etc/apache2/sites-available/default-ssl.orig /etc/apache2/sites-available/default-ssl
  sed -i -e "s/<VirtualHost.*>/<VirtualHost $ip:80>/" /etc/apache2/sites-available/default
  sed -i -e "s/<VirtualHost.*>/<VirtualHost $ip:443>/" /etc/apache2/sites-available/default-ssl
  sed -i -e "s/Listen .*:80/Listen $ip:80/g" /etc/apache2/ports.conf
  sed -i -e "s/Listen .*:443/Listen $ip:443/g" /etc/apache2/ports.conf
  sed -i  's/ssl-cert-snakeoil.key/cert_apache.key/' /etc/apache2/sites-available/default-ssl
  sed -i  's/ssl-cert-snakeoil.pem/cert_apache.crt/' /etc/apache2/sites-available/default-ssl
  sed -i  's/SSLProtocol.*$/SSLProtocol all -SSLv2 -SSLv3/' /etc/apache2/sites-available/default-ssl
@ -208,10 +206,7 @@ fi
 if [ -d /etc/apache2 ]
 then
  config_apache2_conf $publicIp $hostName
-  /etc/init.d/apache2 stop
+  systemctl restart apache2
  /etc/init.d/apache2 start
 else
  config_httpd_conf $publicIp $hostName
 fi
--- a/systemvm/agent/scripts/consoleproxy.sh
+++ b/systemvm/agent/scripts/consoleproxy.sh
--- a/systemvm/agent/scripts/ipfirewall.sh
+++ b/systemvm/agent/scripts/ipfirewall.sh
@ -47,4 +47,3 @@ do
        ips "$i"
 done
 exit $?
--- a/systemvm/agent/scripts/run-proxy.sh
+++ b/systemvm/agent/scripts/run-proxy.sh
--- a/systemvm/agent/scripts/run.sh
+++ b/systemvm/agent/scripts/run.sh
--- a/systemvm/agent/scripts/secstorage.sh
+++ b/systemvm/agent/scripts/secstorage.sh
--- a/systemvm/agent/scripts/ssvm-check.sh
+++ b/systemvm/agent/scripts/ssvm-check.sh
--- a/systemvm/agent/scripts/utils.sh
+++ b/systemvm/agent/scripts/utils.sh
--- a/systemvm/agent/ui/viewer-bad-sid.ftl
+++ b/systemvm/agent/ui/viewer-bad-sid.ftl
--- a/systemvm/agent/ui/viewer-connect-failed.ftl
+++ b/systemvm/agent/ui/viewer-connect-failed.ftl
--- a/systemvm/agent/ui/viewer-update.ftl
+++ b/systemvm/agent/ui/viewer-update.ftl
@ -21,4 +21,3 @@ tileMap = [ ${tileSequence} ];
 	ajaxViewer.resize('main_panel', ${width}, ${height}, ${tileWidth}, ${tileHeight});
 </#if>
 ajaxViewer.refresh('${imgUrl}', tileMap, false);
--- a/systemvm/agent/ui/viewer.ftl
+++ b/systemvm/agent/ui/viewer.ftl
--- a/systemvm/bindir/cloud-setup-console-proxy.in
+++ b/systemvm/bindir/cloud-setup-console-proxy.in
@ -1,220 +0,0 @@
 #!/usr/bin/env python
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 # 
 #   http://www.apache.org/licenses/LICENSE-2.0
 # 
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 import sys, os, subprocess, errno, re, getopt
 # ---- This snippet of code adds the sources path and the waf configured PYTHONDIR to the Python path ----
 # ---- We do this so cloud_utils can be looked up in the following order:
 # ---- 1) Sources directory
 # ---- 2) waf configured PYTHONDIR
 # ---- 3) System Python path
 for pythonpath in (
 		"@PYTHONDIR@",
 		os.path.join(os.path.dirname(__file__),os.path.pardir,os.path.pardir,"python","lib"),
 	):
 		if os.path.isdir(pythonpath): sys.path.insert(0,pythonpath)
 # ---- End snippet of code ----
 import cloud_utils
 from cloud_utils import stderr
 E_GENERIC= 1
 E_NOKVM = 2
 E_NODEFROUTE = 3
 E_DHCP = 4
 E_NOPERSISTENTNET = 5
 E_NETRECONFIGFAILED = 6
 E_VIRTRECONFIGFAILED = 7
 E_FWRECONFIGFAILED = 8
 E_CPRECONFIGFAILED = 9
 E_CPFAILEDTOSTART = 10
 E_NOFQDN = 11
 def bail(errno=E_GENERIC,message=None,*args):
 	if message: stderr(message,*args)
 	stderr("Cloud Console Proxy setup aborted")
 	sys.exit(errno)
 #---------------- boilerplate for python 2.4 support 
 # CENTOS does not have this -- we have to put this here
 try:
 	from subprocess import check_call
 	from subprocess import CalledProcessError
 except ImportError:
 	def check_call(*popenargs, **kwargs):
 		import subprocess
 		retcode = subprocess.call(*popenargs, **kwargs)
 		cmd = kwargs.get("args")
 		if cmd is None: cmd = popenargs[0]
 		if retcode: raise CalledProcessError(retcode, cmd)
 		return retcode
 	class CalledProcessError(Exception):
 		def __init__(self, returncode, cmd):
 			self.returncode = returncode ; self.cmd = cmd
 		def __str__(self): return "Command '%s' returned non-zero exit status %d" % (self.cmd, self.returncode)
 # ------------ end boilerplate -------------------------
 def check_hostname(): return check_call(["hostname",'--fqdn'])
 class Command:
 	def __init__(self,name,parent=None):
 		self.__name = name
 		self.__parent = parent
 	def __getattr__(self,name):
 		if name == "_print": name = "print"
 		return Command(name,self)
 	def __call__(self,*args):
 		cmd = self.__get_recursive_name() + list(args)
 		#print "	",cmd
 		popen = subprocess.Popen(cmd,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
 		m = popen.communicate()
 		ret = popen.wait()
 		if ret:
 			e = CalledProcessError(ret,cmd)
 			e.stdout,e.stderr = m
 			raise e
 		class CommandOutput:
 			def __init__(self,stdout,stderr):
 				self.stdout = stdout
 				self.stderr = stderr
 		return CommandOutput(*m)
 	def __lt__(self,other):
 		cmd = self.__get_recursive_name()
 		#print "	",cmd,"<",other
 		popen = subprocess.Popen(cmd,stdin=subprocess.PIPE,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
 		m = popen.communicate(other)
 		ret = popen.wait()
 		if ret:
 			e = CalledProcessError(ret,cmd)
 			e.stdout,e.stderr = m
 			raise e
 		class CommandOutput:
 			def __init__(self,stdout,stderr):
 				self.stdout = stdout
 				self.stderr = stderr
 		return CommandOutput(*m)
 	def __get_recursive_name(self,sep=None):
 		m = self
 		l = []
 		while m is not None:
 			l.append(m.__name)
 			m = m.__parent
 		l.reverse()
 		if sep: return sep.join(l)
 		else: return l
 	def __str__(self):
 		return '<Command %r>'%self.__get_recursive_name(sep=" ")
 	def __repr__(self): return self.__str__()
 ip = Command("ip")
 service = Command("service")
 chkconfig = Command("chkconfig")
 ufw = Command("ufw")
 iptables = Command("iptables")
 augtool = Command("augtool")
 ifconfig = Command("ifconfig")
 uuidgen = Command("uuidgen")
 Fedora = os.path.exists("/etc/fedora-release")
 CentOS = os.path.exists("/etc/centos-release") or ( os.path.exists("/etc/redhat-release") and not os.path.exists("/etc/fedora-release") )
 #--------------- procedure starts here ------------
 def main():
 	# parse cmd line	
 	opts, args = getopt.getopt(sys.argv[1:], "a", ["host=", "zone=", "pod="])
 	host=None
 	zone=None
 	pod=None
    	autoMode=False
 	do_check_kvm = True	
 	for opt, arg in opts:
 		if opt == "--host":
 			if arg != "":
 				host = arg
 		elif opt == "--zone":
 			if arg != "":
 				zone = arg
 		elif opt == "--pod":
 		        if arg != "":
 				pod = arg
        	elif opt == "-a":
            		autoMode=True
 	servicename = "@PACKAGE@-console-proxy"
 	if autoMode:
 		cloud_utils.setLogFile("/var/log/cloud/setupConsoleProxy.log")
 	stderr("Welcome to the Cloud Console Proxy setup")
 	stderr("")
 	try:
 		check_hostname()
 		stderr("The hostname of this machine is properly set up")
 	except CalledProcessError,e:
 		bail(E_NOFQDN,"This machine does not have an FQDN (fully-qualified domain name) for a hostname")
 	stderr("Stopping the Cloud Console Proxy")
 	cloud_utils.stop_service(servicename)
 	stderr("Cloud Console Proxy stopped")
 	ports = "8002".split()
 	if Fedora or CentOS:
 		try:
 			o = chkconfig("--list","iptables")
 			if ":on" in o.stdout and os.path.exists("/etc/sysconfig/iptables"):
 				stderr("Setting up firewall rules to permit traffic to Cloud services")
 				service.iptables.start() ; print o.stdout + o.stderr
 				for p in ports: iptables("-I","INPUT","1","-p","tcp","--dport",p,'-j','ACCEPT')
 				o = service.iptables.save() ; print o.stdout + o.stderr
 		except CalledProcessError,e:
 			print e.stdout+e.stderr
 			bail(E_FWRECONFIGFAILED,"Firewall rules could not be set")
 	else:
 		stderr("Setting up firewall rules to permit traffic to Cloud services")
 		try:
 			for p in ports: ufw.allow(p)
 			stderr("Rules set")
 		except CalledProcessError,e:
 			print e.stdout+e.stderr
 			bail(E_FWRECONFIGFAILED,"Firewall rules could not be set")
 		stderr("We are going to enable ufw now.  This may disrupt network connectivity and service availability.  See the ufw documentation for information on how to manage ufw firewall policies.")
 		try:
 			o = ufw.enable < "y\n" ; print o.stdout + o.stderr
 		except CalledProcessError,e:
 			print e.stdout+e.stderr
 			bail(E_FWRECONFIGFAILED,"Firewall could not be enabled")
 	cloud_utils.setup_consoleproxy_config("@CPSYSCONFDIR@/agent.properties", host, zone, pod)
 	stderr("Enabling and starting the Cloud Console Proxy")
 	cloud_utils.enable_service(servicename)
 	stderr("Cloud Console Proxy restarted")
 if __name__ == "__main__":
 	main()
 # FIXMES: 1) nullify networkmanager on ubuntu (asking the user first) and enable the networking service permanently
--- a/systemvm/conf.dom0/agent.properties.in
+++ b/systemvm/conf.dom0/agent.properties.in
@ -1,46 +0,0 @@
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 # 
 #   http://www.apache.org/licenses/LICENSE-2.0
 # 
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 # Sample configuration file for VMOPS console proxy
 instance=ConsoleProxy
 consoleproxy.httpListenPort=8002
 #resource= the java class, which agent load to execute
 resource=com.cloud.agent.resource.consoleproxy.ConsoleProxyResource
 #host= The IP address of management server
 host=localhost
 #port = The port management server listening on, default is 8250
 port=8250
 #pod= The pod, which agent belonged to
 pod=default
 #zone= The zone, which agent belonged to
 zone=default
 #private.network.device= the private nic device
 # if this is commented, it is autodetected on service startup
 # private.network.device=cloudbr0
 #public.network.device= the public nic device
 # if this is commented, it is autodetected on service startup
 # public.network.device=cloudbr0
 #guid= a GUID to identify the agent
--- a/systemvm/conf.dom0/consoleproxy.properties.in
+++ b/systemvm/conf.dom0/consoleproxy.properties.in
@ -1,23 +0,0 @@
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 # 
 #   http://www.apache.org/licenses/LICENSE-2.0
 # 
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 consoleproxy.tcpListenPort=0
 consoleproxy.httpListenPort=80
 consoleproxy.httpCmdListenPort=8001
 consoleproxy.jarDir=./applet/
 consoleproxy.viewerLinger=180
 consoleproxy.reconnectMaxRetry=5
--- a/systemvm/conf.dom0/log4j-cloud.xml.in
+++ b/systemvm/conf.dom0/log4j-cloud.xml.in
@ -1,111 +0,0 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
 Licensed to the Apache Software Foundation (ASF) under one
 or more contributor license agreements.  See the NOTICE file
 distributed with this work for additional information
 regarding copyright ownership.  The ASF licenses this file
 to you under the Apache License, Version 2.0 (the
 "License"); you may not use this file except in compliance
 with the License.  You may obtain a copy of the License at
  http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing,
 software distributed under the License is distributed on an
 "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 KIND, either express or implied.  See the License for the
 specific language governing permissions and limitations
 under the License.
 -->
 <!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
 <log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="false">
   <!-- ================================= -->
   <!-- Preserve messages in a local file -->
   <!-- ================================= -->
   <!-- A time/date based rolling appender -->
   <appender name="FILE" class="org.apache.log4j.rolling.RollingFileAppender">
      <param name="Append" value="true"/>
      <param name="Threshold" value="WARN"/>
      <rollingPolicy class="org.apache.log4j.rolling.TimeBasedRollingPolicy">
        <param name="FileNamePattern" value="@CPLOG@.%d{yyyy-MM-dd}.gz"/>
        <param name="ActiveFileName" value="@CPLOG@"/>
      </rollingPolicy>
      <layout class="org.apache.log4j.EnhancedPatternLayout">
         <param name="ConversionPattern" value="%d{ISO8601} %-5p [%c{3}] (%t:%x) (logid:%X{logcontextid}) %m%n"/>
      </layout>
   </appender>
   <!-- ============================== -->
   <!-- Append messages to the console -->
   <!-- ============================== -->
   <appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
      <param name="Target" value="System.out"/>
      <param name="Threshold" value="WARN"/>
      <layout class="org.apache.log4j.PatternLayout">
         <param name="ConversionPattern" value="%d{ABSOLUTE} %5p %c{1}:%L - %m%n"/>
      </layout>
   </appender>
   <!-- ================ -->
   <!-- Limit categories -->
   <!-- ================ -->
   <category name="com.cloud.console.ConsoleCanvas">
     <priority value="WARN"/>
   </category>
   <category name="com.cloud.consoleproxy.ConsoleProxyAjaxImageHandler">
     <priority value="WARN"/>
   </category>
   <category name="com.cloud.consoleproxy.ConsoleProxyViwer">
     <priority value="WARN"/>
   </category>
   <category name="com.cloud.consoleproxy">
     <priority value="INFO"/>
   </category>
   <category name="com.cloud">
     <priority value="DEBUG"/>
   </category>
   <!-- Limit the org.apache category to INFO as its DEBUG is verbose -->
   <category name="org.apache">
      <priority value="INFO"/>
   </category>
   <category name="org">
      <priority value="INFO"/>
   </category>
   <category name="net">
     <priority value="INFO"/>
   </category>
   <!-- Limit the com.amazonaws category to INFO as its DEBUG is verbose -->
   <category name="com.amazonaws">
      <priority value="INFO"/>
   </category>
   <!-- Limit the httpclient.wire category to INFO as its DEBUG is verbose -->
   <category name="httpclient.wire">
      <priority value="INFO"/>
   </category>
   <!-- ======================= -->
   <!-- Setup the Root category -->
   <!-- ======================= -->
   <root>
      <level value="INFO"/>
      <appender-ref ref="CONSOLE"/>
      <appender-ref ref="FILE"/>
   </root>
 </log4j:configuration>
--- a/systemvm/conf/agent.properties.ssvm
+++ b/systemvm/conf/agent.properties.ssvm
@ -1,21 +0,0 @@
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 # 
 #   http://www.apache.org/licenses/LICENSE-2.0
 # 
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 #mount.path=~/secondary-storage/
 resource=org.apache.cloudstack.storage.resource.NfsSecondaryStorageResource
 testCifsMount=cifs://192.168.1.1/CSHV3?user=administrator&password=1pass%40word1
 #testLocalRoot=test
--- a/systemvm/distro/centos/SYSCONFDIR/rc.d/init.d/cloud-console-proxy.in
+++ b/systemvm/distro/centos/SYSCONFDIR/rc.d/init.d/cloud-console-proxy.in
@ -1,96 +0,0 @@
 #!/bin/bash
 # chkconfig: 35 99 10
 # description: Cloud Console Proxy
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 # 
 #   http://www.apache.org/licenses/LICENSE-2.0
 # 
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 # WARNING: if this script is changed, then all other initscripts MUST BE changed to match it as well
 . /etc/rc.d/init.d/functions
 # set environment variables
 SHORTNAME=`basename $0`
 PIDFILE=@PIDDIR@/"$SHORTNAME".pid
 LOCKFILE=@LOCKDIR@/"$SHORTNAME"
 LOGFILE=@CPLOG@
 PROGNAME="Cloud Console Proxy"
 unset OPTIONS
 [ -r @SYSCONFDIR@/sysconfig/"$SHORTNAME" ] && source @SYSCONFDIR@/sysconfig/"$SHORTNAME"
 DAEMONIZE=@BINDIR@/@PACKAGE@-daemonize
 PROG=@LIBEXECDIR@/console-proxy-runner
 start() {
        echo -n $"Starting $PROGNAME: "
 	if hostname --fqdn >/dev/null 2>&1 ; then
 		daemon --check=$SHORTNAME --pidfile=${PIDFILE} "$DAEMONIZE" \
 			-n "$SHORTNAME" -p "$PIDFILE" -l "$LOGFILE" "$PROG" $OPTIONS
 		RETVAL=$?
 		echo
 	else
 		failure
 		echo
 		echo The host name does not resolve properly to an IP address.  Cannot start "$PROGNAME". > /dev/stderr
 		RETVAL=9
 	fi
 	[ $RETVAL = 0 ] && touch ${LOCKFILE}
 	return $RETVAL
 }
 stop() {
 	echo -n $"Stopping $PROGNAME: "
 	killproc -p ${PIDFILE} $SHORTNAME # -d 10 $SHORTNAME
 	RETVAL=$?
 	echo
 	[ $RETVAL = 0 ] && rm -f ${LOCKFILE} ${PIDFILE}
 }
 # See how we were called.
 case "$1" in
  start)
 	start
 	;;
  stop)
 	stop
 	;;
  status)
        status -p ${PIDFILE} $SHORTNAME
 	RETVAL=$?
 	;;
  restart)
 	stop
 	sleep 3
 	start
 	;;
  condrestart)
 	if status -p ${PIDFILE} $SHORTNAME >&/dev/null; then
 		stop
 		sleep 3
 		start
 	fi
 	;;
  *)
 	echo $"Usage: $SHORTNAME {start|stop|restart|condrestart|status|help}"
 	RETVAL=3
 esac
 exit $RETVAL
--- a/systemvm/distro/fedora/SYSCONFDIR/rc.d/init.d/cloud-console-proxy.in
+++ b/systemvm/distro/fedora/SYSCONFDIR/rc.d/init.d/cloud-console-proxy.in
@ -1,96 +0,0 @@
 #!/bin/bash
 # chkconfig: 35 99 10
 # description: Cloud Console Proxy
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 # 
 #   http://www.apache.org/licenses/LICENSE-2.0
 # 
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 # WARNING: if this script is changed, then all other initscripts MUST BE changed to match it as well
 . /etc/rc.d/init.d/functions
 # set environment variables
 SHORTNAME=`basename $0`
 PIDFILE=@PIDDIR@/"$SHORTNAME".pid
 LOCKFILE=@LOCKDIR@/"$SHORTNAME"
 LOGFILE=@CPLOG@
 PROGNAME="Cloud Console Proxy"
 unset OPTIONS
 [ -r @SYSCONFDIR@/sysconfig/"$SHORTNAME" ] && source @SYSCONFDIR@/sysconfig/"$SHORTNAME"
 DAEMONIZE=@BINDIR@/@PACKAGE@-daemonize
 PROG=@LIBEXECDIR@/console-proxy-runner
 start() {
        echo -n $"Starting $PROGNAME: "
 	if hostname --fqdn >/dev/null 2>&1 ; then
 		daemon --check=$SHORTNAME --pidfile=${PIDFILE} "$DAEMONIZE" \
 			-n "$SHORTNAME" -p "$PIDFILE" -l "$LOGFILE" "$PROG" $OPTIONS
 		RETVAL=$?
 		echo
 	else
 		failure
 		echo
 		echo The host name does not resolve properly to an IP address.  Cannot start "$PROGNAME". > /dev/stderr
 		RETVAL=9
 	fi
 	[ $RETVAL = 0 ] && touch ${LOCKFILE}
 	return $RETVAL
 }
 stop() {
 	echo -n $"Stopping $PROGNAME: "
 	killproc -p ${PIDFILE} $SHORTNAME # -d 10 $SHORTNAME
 	RETVAL=$?
 	echo
 	[ $RETVAL = 0 ] && rm -f ${LOCKFILE} ${PIDFILE}
 }
 # See how we were called.
 case "$1" in
  start)
 	start
 	;;
  stop)
 	stop
 	;;
  status)
        status -p ${PIDFILE} $SHORTNAME
 	RETVAL=$?
 	;;
  restart)
 	stop
 	sleep 3
 	start
 	;;
  condrestart)
 	if status -p ${PIDFILE} $SHORTNAME >&/dev/null; then
 		stop
 		sleep 3
 		start
 	fi
 	;;
  *)
 	echo $"Usage: $SHORTNAME {start|stop|restart|condrestart|status|help}"
 	RETVAL=3
 esac
 exit $RETVAL
--- a/systemvm/distro/rhel/SYSCONFDIR/rc.d/init.d/cloud-console-proxy.in
+++ b/systemvm/distro/rhel/SYSCONFDIR/rc.d/init.d/cloud-console-proxy.in
@ -1,96 +0,0 @@
 #!/bin/bash
 # chkconfig: 35 99 10
 # description: Cloud Console Proxy
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 # 
 #   http://www.apache.org/licenses/LICENSE-2.0
 # 
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 # WARNING: if this script is changed, then all other initscripts MUST BE changed to match it as well
 . /etc/rc.d/init.d/functions
 # set environment variables
 SHORTNAME=`basename $0`
 PIDFILE=@PIDDIR@/"$SHORTNAME".pid
 LOCKFILE=@LOCKDIR@/"$SHORTNAME"
 LOGFILE=@CPLOG@
 PROGNAME="Cloud Console Proxy"
 unset OPTIONS
 [ -r @SYSCONFDIR@/sysconfig/"$SHORTNAME" ] && source @SYSCONFDIR@/sysconfig/"$SHORTNAME"
 DAEMONIZE=@BINDIR@/@PACKAGE@-daemonize
 PROG=@LIBEXECDIR@/console-proxy-runner
 start() {
        echo -n $"Starting $PROGNAME: "
 	if hostname --fqdn >/dev/null 2>&1 ; then
 		daemon --check=$SHORTNAME --pidfile=${PIDFILE} "$DAEMONIZE" \
 			-n "$SHORTNAME" -p "$PIDFILE" -l "$LOGFILE" "$PROG" $OPTIONS
 		RETVAL=$?
 		echo
 	else
 		failure
 		echo
 		echo The host name does not resolve properly to an IP address.  Cannot start "$PROGNAME". > /dev/stderr
 		RETVAL=9
 	fi
 	[ $RETVAL = 0 ] && touch ${LOCKFILE}
 	return $RETVAL
 }
 stop() {
 	echo -n $"Stopping $PROGNAME: "
 	killproc -p ${PIDFILE} $SHORTNAME # -d 10 $SHORTNAME
 	RETVAL=$?
 	echo
 	[ $RETVAL = 0 ] && rm -f ${LOCKFILE} ${PIDFILE}
 }
 # See how we were called.
 case "$1" in
  start)
 	start
 	;;
  stop)
 	stop
 	;;
  status)
        status -p ${PIDFILE} $SHORTNAME
 	RETVAL=$?
 	;;
  restart)
 	stop
 	sleep 3
 	start
 	;;
  condrestart)
 	if status -p ${PIDFILE} $SHORTNAME >&/dev/null; then
 		stop
 		sleep 3
 		start
 	fi
 	;;
  *)
 	echo $"Usage: $SHORTNAME {start|stop|restart|condrestart|status|help}"
 	RETVAL=3
 esac
 exit $RETVAL
--- a/systemvm/distro/ubuntu/SYSCONFDIR/init.d/cloud-console-proxy.in
+++ b/systemvm/distro/ubuntu/SYSCONFDIR/init.d/cloud-console-proxy.in
@ -1,110 +0,0 @@
 #!/bin/bash
 # chkconfig: 35 99 10
 # description: Cloud Console Proxy
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 # 
 #   http://www.apache.org/licenses/LICENSE-2.0
 # 
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 # WARNING: if this script is changed, then all other initscripts MUST BE changed to match it as well
 . /lib/lsb/init-functions
 . /etc/default/rcS
 # set environment variables
 SHORTNAME=`basename $0`
 PIDFILE=@PIDDIR@/"$SHORTNAME".pid
 LOCKFILE=@LOCKDIR@/"$SHORTNAME"
 LOGFILE=@CPLOG@
 PROGNAME="Cloud Console Proxy"
 unset OPTIONS
 [ -r @SYSCONFDIR@/default/"$SHORTNAME" ] && source @SYSCONFDIR@/default/"$SHORTNAME"
 DAEMONIZE=@BINDIR@/@PACKAGE@-daemonize
 PROG=@LIBEXECDIR@/console-proxy-runner
 start() {
        log_daemon_msg $"Starting $PROGNAME" "$SHORTNAME"
 	if [ -s "$PIDFILE" ] && kill -0 $(cat "$PIDFILE") >/dev/null 2>&1; then
 	      log_progress_msg "apparently already running"
 	      log_end_msg 0
 	      exit 0
 	fi
 	if hostname --fqdn >/dev/null 2>&1 ; then
 		true
 	else
 		log_failure_msg "The host name does not resolve properly to an IP address.  Cannot start $PROGNAME"
 		log_end_msg 1
 		exit 1
 	fi
 	if start-stop-daemon --start --quiet \
 		--pidfile "$PIDFILE" \
 		--exec "$DAEMONIZE" -- -n "$SHORTNAME" -p "$PIDFILE" -l "$LOGFILE" "$PROG" $OPTIONS
 		RETVAL=$?
 	    then
 		rc=0
 		sleep 1
 		if ! kill -0 $(cat "$PIDFILE") >/dev/null 2>&1; then
 		    log_failure_msg "$PROG failed to start"
 		    rc=1
 		fi
 	else
 		rc=1
 	fi
 	if [ $rc -eq 0 ]; then
 		log_end_msg 0
 	else
 		log_end_msg 1
 		rm -f "$PIDFILE"
 	fi
 }
 stop() {
 	echo -n $"Stopping $PROGNAME" "$SHORTNAME"
 	start-stop-daemon --stop --quiet --oknodo --pidfile "$PIDFILE"
 	log_end_msg $?
 	rm -f "$PIDFILE"
 }
 # See how we were called.
 case "$1" in
  start)
 	start
 	;;
  stop)
 	stop
 	;;
  status)
        status_of_proc -p "$PIDFILE" "$PROG" "$SHORTNAME"
 	RETVAL=$?
 	;;
  restart)
 	stop
 	sleep 3
 	start
 	;;
  *)
 	echo $"Usage: $SHORTNAME {start|stop|restart|status|help}"
 	RETVAL=3
 esac
 exit $RETVAL
--- a/systemvm/libexec/console-proxy-runner.in
+++ b/systemvm/libexec/console-proxy-runner.in
@ -1,90 +0,0 @@
 #!/usr/bin/env bash
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 # 
 #   http://www.apache.org/licenses/LICENSE-2.0
 # 
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 #run.sh runs the agent client.
 cd `dirname "$0"`
 SYSTEMJARS="@SYSTEMJARS@"
 SCP=$(build-classpath $SYSTEMJARS) ; if [ $? != 0 ] ; then SCP="@SYSTEMCLASSPATH@" ; fi
 DCP="@DEPSCLASSPATH@"
 ACP="@AGENTCLASSPATH@"
 export CLASSPATH=$SCP:$DCP:$ACP:@CPSYSCONFDIR@
 for jarfile in "@PREMIUMJAVADIR@"/* ; do
 	if [ ! -e "$jarfile" ] ; then continue ; fi
 	CLASSPATH=$jarfile:$CLASSPATH
 done
 for plugin in "@PLUGINJAVADIR@"/* ; do
 	if [ ! -e "$plugin" ] ; then continue ; fi
 	CLASSPATH=$plugin:$CLASSPATH
 done
 export CLASSPATH
 set -e
 cd "@CPLIBDIR@"
 echo Current directory is "$PWD"
 echo CLASSPATH to run the console proxy: "$CLASSPATH"
 export PATH=/sbin:/usr/sbin:"$PATH"
 SERVICEARGS=
 for x in private public ; do
 	configuration=`grep -q "^$x.network.device" "@CPSYSCONFDIR@"/agent.properties || true`
 	if [ -n "$CONFIGURATION" ] ; then
 		echo "Using manually-configured network device $CONFIGURATION"
 	else
 		defaultroute=`ip route | grep ^default | cut -d ' ' -f 5`
 		test -n "$defaultroute"
 		echo "Using auto-discovered network device $defaultroute which is the default route"
 		SERVICEARGS="$SERVICEARGS $x.network.device="$defaultroute
 	fi
 done
 function termagent() {
    if [ "$agentpid" != "" ] ; then
 	echo Killing VMOps Console Proxy "(PID $agentpid)" with SIGTERM >&2
 	kill -TERM $agentpid
 	echo Waiting for agent to exit >&2
 	wait $agentpid
 	ex=$?
 	echo Agent exited with return code $ex >&2	
    else
 	echo Agent PID is unknown >&2
    fi
 }
 trap termagent TERM
 while true ; do
 	java -Xms128M -Xmx384M -cp "$CLASSPATH" "$@" com.cloud.agent.AgentShell $SERVICEARGS &
 	agentpid=$!
 	echo "Console Proxy started.  PID: $!" >&2
 	wait $agentpid
 	ex=$?
 	if [ $ex -gt 128 ]; then
 		echo "wait on console proxy process interrupted by SIGTERM" >&2
 		exit $ex
 	fi
 	echo "Console proxy exited with return code $ex" >&2
 	if [ $ex -eq 0 ] || [ $ex -eq 1 ] || [ $ex -eq 66 ] || [ $ex -gt 128 ]; then
 		echo "Exiting..." > /dev/stderr
 		exit $ex
 	fi
 	echo "Restarting console proxy..." > /dev/stderr
 	sleep 1
 done
--- a/systemvm/patches/debian/README
+++ b/systemvm/patches/debian/README
@ -1,34 +0,0 @@
 ####################################################
 Note there is a new systemvm build script based on
 Veewee(Vagrant) under tools/appliance.
 ####################################################
 1. The buildsystemvm.sh script builds a 32-bit system vm disk based on the Debian Squeeze distro. This system vm can boot on any hypervisor thanks to the pvops support in the kernel. It is fully automated
 2. The files under config/ are the specific tweaks to the default Debian configuration that are required for CloudStack operation.
 3. The variables at the top of the buildsystemvm.sh script can be customized:
 	IMAGENAME=systemvm # dont touch this
 	LOCATION=/var/lib/images/systemvm #
 	MOUNTPOINT=/mnt/$IMAGENAME/ # this is where the image is mounted on your host while the vm image is built
 	IMAGELOC=$LOCATION/$IMAGENAME.img
 	PASSWORD=password # password for the vm
 	APT_PROXY= #you can put in an APT cacher such as apt-cacher-ng
 	HOSTNAME=systemvm # dont touch this
 	SIZE=2000 # dont touch this for now
 	DEBIAN_MIRROR=ftp.us.debian.org/debian 
 	MINIMIZE=true # if this is true, a lot of docs, fonts, locales and apt cache is wiped out
 4. The systemvm includes the (non-free) Sun JRE. You can put in the standard debian jre-headless package instead but it pulls in X and bloats the image. 
 5. You need to be 'root' to run the buildsystemvm.sh script
 6. The image is a raw image. You can run the convert.sh tool to produce images suitable for Citrix Xenserver, VMWare and KVM. 
   * Conversion to Citrix Xenserver VHD format requires the vhd-util tool. You can use the 
       -- checked in config/bin/vhd-util) OR
       -- build the vhd-util tool yourself as follows:
           a. The xen repository has a tool called vhd-util that compiles and runs on any linux system (http://xenbits.xensource.com/xen-4.0-testing.hg?file/8e8dd38374e9/tools/blktap2/vhd/ or full Xen source at http://www.xen.org/products/xen_source.html).
           b. Apply this patch: http://lists.xensource.com/archives/cgi-bin/mesg.cgi?a=xen-devel&i=006101cb22f6%242004dd40%24600e97c0%24%40zhuo%40cloudex.cn.
           c. Build the vhd-util tool
               cd tools/blktap2
               make
               sudo make install
   * Conversion to ova (VMWare) requires the ovf tool, available from 
       http://communities.vmware.com/community/vmtn/server/vsphere/automationtools/ovf
   * Conversion to QCOW2 requires qemu-img
--- a/systemvm/patches/debian/config.dat
+++ b/systemvm/patches/debian/config.dat
--- a/systemvm/patches/debian/config/etc/chef/node.json
+++ b/systemvm/patches/debian/config/etc/chef/node.json
@ -1,5 +0,0 @@
 {
  "run_list": [
    "recipe[csip::default]"
  ]
 }
--- a/systemvm/patches/debian/config/etc/chef/solo.rb
+++ b/systemvm/patches/debian/config/etc/chef/solo.rb
@ -1,21 +0,0 @@
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 data_bags_path "/var/chef/data_bags"
 cookbook_path "/var/chef/cookbooks"
 log_level :debug
 log_location STDOUT
--- a/systemvm/patches/debian/config/opt/cloud/templates/README
+++ b/systemvm/patches/debian/config/opt/cloud/templates/README
@ -1,2 +0,0 @@
 These are the templates for the redundant router 
 and redundant vpc_router
--- a/systemvm/patches/debian/config/opt/cloud/testdata/acl0001.json
+++ b/systemvm/patches/debian/config/opt/cloud/testdata/acl0001.json
@ -1,54 +0,0 @@
 {
    "eth2": {
        "device": "eth2", 
        "egress_rules": [
            {
                "allowed": false, 
                "cidr": "10.0.6.0/8", 
                "first_port": 60, 
                "last_port": 60, 
                "type": "tcp"
            }
        ], 
        "ingress_rules": [
            {
                "allowed": true, 
                "cidr": "10.0.1.0/8", 
                "protocol": 41, 
                "type": "protocol"
            }, 
            {
                "allowed": true, 
                "cidr": "10.0.4.0/8", 
                "type": "all"
            }, 
            {
                "allowed": true, 
                "cidr": "10.0.3.0/8", 
                "icmp_code": -1, 
                "icmp_type": -1, 
                "type": "icmp"
            }, 
            {
                "allowed": true, 
                "cidr": "10.0.2.0/8", 
                "first_port": 40, 
                "last_port": 40, 
                "type": "udp"
            }, 
            {
                "allowed": true, 
                "cidr": "10.0.1.0/8", 
                "first_port": 30, 
                "last_port": 30, 
                "type": "tcp"
            }
        ], 
        "mac_address": "02:00:0d:7b:00:04", 
        "nic_ip": "172.16.1.1", 
        "nic_netmask": "24", 
        "private_gateway_acl": false, 
        "type": "networkacl"
    }, 
    "id": "networkacl"
 }
--- a/systemvm/patches/debian/config/root/redundant_router/arping_gateways.sh.templ
+++ b/systemvm/patches/debian/config/root/redundant_router/arping_gateways.sh.templ
@ -1,29 +0,0 @@
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 ip link|grep BROADCAST|grep -v eth0|grep -v eth1|cut -d ":" -f 2 > /tmp/iflist
 while read i
 do
    ip addr show $i|grep "inet " > /tmp/iplist_$i
    while read line
    do
        ip=`echo $line|cut -d " " -f 2|cut -d "/" -f 1`
        arping -I $i -A $ip -c 1 >> [RROUTER_LOG] 2>&1
        arping -I $i -A $ip -c 1 >> [RROUTER_LOG] 2>&1
    done < /tmp/iplist_$i
 done < /tmp/iflist
 sleep 1
--- a/systemvm/patches/debian/config/root/redundant_router/backup.sh.templ
+++ b/systemvm/patches/debian/config/root/redundant_router/backup.sh.templ
@ -1,39 +0,0 @@
 #!/bin/bash
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 sleep 1
 source /root/func.sh
 lock="biglock"
 locked=$(getLockFile $lock)
 if [ "$locked" != "1" ]
 then
    exit 1
 fi
 echo To backup called >> [RROUTER_LOG]
 [RROUTER_BIN_PATH]/disable_pubip.sh >> [RROUTER_LOG] 2>&1
 echo Disable public ip $? >> [RROUTER_LOG]
 [RROUTER_BIN_PATH]/services.sh stop >> [RROUTER_LOG] 2>&1
 [RROUTER_BIN_PATH]/primary-backup.sh backup >> [RROUTER_LOG] 2>&1
 echo Switch conntrackd mode backup $? >> [RROUTER_LOG]
 echo Status: BACKUP >> [RROUTER_LOG]
 releaseLockFile $lock $locked
 exit 0
--- a/systemvm/patches/debian/config/root/redundant_router/check_bumpup.sh
+++ b/systemvm/patches/debian/config/root/redundant_router/check_bumpup.sh
@ -1,19 +0,0 @@
 #!/bin/bash
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 cat /tmp/rrouter_bumped
--- a/systemvm/patches/debian/config/root/redundant_router/check_heartbeat.sh.templ
+++ b/systemvm/patches/debian/config/root/redundant_router/check_heartbeat.sh.templ
@ -1,60 +0,0 @@
 #!/bin/bash
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 ROUTER_BIN_PATH=/ramdisk/rrouter
 STRIKE_FILE="$ROUTER_BIN_PATH/keepalived.strikes"
 if [ -e [RROUTER_BIN_PATH]/keepalived.ts2 ]
 then
    lasttime=$(cat [RROUTER_BIN_PATH]/keepalived.ts2)
    thistime=$(cat [RROUTER_BIN_PATH]/keepalived.ts)
    diff=$(($thistime - $lasttime))
    s=0
    if [ $diff -lt 30 ]
    then
        if [ -e $STRIKE_FILE ]
        then
            s=`cat $STRIKE_FILE 2>/dev/null`
        fi
        s=$(($s+1))
        echo $s > $STRIKE_FILE
    else
        if [ -e $STRIKE_FILE ]
        then
            rm $STRIKE_FILE
        else
            echo keepalived.strikes file does not exist! >> $ROUTER_LOG
        fi
    fi
    #3 strikes rule
    if [ $s -gt 2 ]
    then
        echo Keepalived process is dead! >> [RROUTER_LOG]
        [RROUTER_BIN_PATH]/services.sh stop >> [RROUTER_LOG] 2>&1
        [RROUTER_BIN_PATH]/disable_pubip.sh >> [RROUTER_LOG] 2>&1
        [RROUTER_BIN_PATH]/primary-backup.sh fault >> [RROUTER_LOG] 2>&1
        service keepalived stop >> [RROUTER_LOG] 2>&1
        service conntrackd stop >> [RROUTER_LOG] 2>&1
        pkill -9 keepalived >> [RROUTER_LOG] 2>&1
        pkill -9 conntrackd >> [RROUTER_LOG] 2>&1
        echo Status: FAULT \(keepalived process is dead\) >> [RROUTER_LOG]
        exit
    fi
 fi
 cp [RROUTER_BIN_PATH]/keepalived.ts [RROUTER_BIN_PATH]/keepalived.ts2
--- a/systemvm/patches/debian/config/root/redundant_router/checkrouter.sh.templ
+++ b/systemvm/patches/debian/config/root/redundant_router/checkrouter.sh.templ
@ -1,56 +0,0 @@
 #!/bin/bash
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 source /root/func.sh
 nolock=0
 if [ $# -eq 1 ]
 then
    if [ $1 == "--no-lock" ]
    then
        nolock=1
    fi
 fi
 if [ $nolock -eq 0 ]
 then
    lock="biglock"
    locked=$(getLockFile $lock)
    if [ "$locked" != "1" ]
    then
        exit 1
    fi
 fi
 bumped="Bumped: NO"
 if [ -e /tmp/rrouter_bumped ]
 then
    bumped="Bumped: YES"
 fi
 stat=`tail -n 1 [RROUTER_LOG] | grep "Status"`
 if [ $? -eq 0 ]
 then
    echo "$stat&$bumped"
 fi
 if [ $nolock -eq 0 ]
 then
    unlock_exit $? $lock $locked
 fi
--- a/systemvm/patches/debian/config/root/redundant_router/conntrackd.conf.templ
+++ b/systemvm/patches/debian/config/root/redundant_router/conntrackd.conf.templ
@ -1,401 +0,0 @@
 #
 # Synchronizer settings
 #
 Sync {
 	Mode FTFW {
 		#
 		# Size of the resend queue (in objects). This is the maximum
 		# number of objects that can be stored waiting to be confirmed
 		# via acknoledgment. If you keep this value low, the daemon
 		# will have less chances to recover state-changes under message
 		# omission. On the other hand, if you keep this value high,
 		# the daemon will consume more memory to store dead objects.
 		# Default is 131072 objects.
 		#
 		# ResendQueueSize 131072
 		#
 		# This parameter allows you to set an initial fixed timeout
 		# for the committed entries when this node goes from backup
 		# to primary. This mechanism provides a way to purge entries
 		# that were not recovered appropriately after the specified
 		# fixed timeout. If you set a low value, TCP entries in
 		# Established states with no traffic may hang. For example,
 		# an SSH connection without KeepAlive enabled. If not set,
 		# the daemon uses an approximate timeout value calculation
 		# mechanism. By default, this option is not set.
 		#
 		# CommitTimeout 180
 		#
 		# If the firewall replica goes from primary to backup,
 		# the conntrackd -t command is invoked in the script. 
 		# This command schedules a flush of the table in N seconds.
 		# This is useful to purge the connection tracking table of
 		# zombie entries and avoid clashes with old entries if you
 		# trigger several consecutive hand-overs. Default is 60 seconds.
 		#
 		# PurgeTimeout 60
 		# Set the acknowledgement window size. If you decrease this
 		# value, the number of acknowlegdments increases. More
 		# acknowledgments means more overhead as conntrackd has to
 		# handle more control messages. On the other hand, if you
 		# increase this value, the resend queue gets more populated.
 		# This results in more overhead in the queue releasing.
 		# The following value is based on some practical experiments
 		# measuring the cycles spent by the acknowledgment handling
 		# with oprofile. If not set, default window size is 300.
 		#
 		# ACKWindowSize 300
 		#
 		# This clause allows you to disable the external cache. Thus,
 		# the state entries are directly injected into the kernel
 		# conntrack table. As a result, you save memory in user-space
 		# but you consume slots in the kernel conntrack table for
 		# backup state entries. Moreover, disabling the external cache
 		# means more CPU consumption. You need a Linux kernel
 		# >= 2.6.29 to use this feature. By default, this clause is
 		# set off. If you are installing conntrackd for first time,
 		# please read the user manual and I encourage you to consider
 		# using the fail-over scripts instead of enabling this option!
 		#
 		# DisableExternalCache Off
 	}
 	#
 	# Multicast IP and interface where messages are
 	# broadcasted (dedicated link). IMPORTANT: Make sure
 	# that iptables accepts traffic for destination
 	# 225.0.0.50, eg:
 	#
 	#	iptables -I INPUT -d 225.0.0.50 -j ACCEPT
 	#	iptables -I OUTPUT -d 225.0.0.50 -j ACCEPT
 	#
 	Multicast {
 		# 
 		# Multicast address: The address that you use as destination
 		# in the synchronization messages. You do not have to add
 		# this IP to any of your existing interfaces. If any doubt,
 		# do not modify this value.
 		#
 		IPv4_address 225.0.0.50
 		#
 		# The multicast group that identifies the cluster. If any
 		# doubt, do not modify this value.
 		#
 		Group 3780
 		#
 		# IP address of the interface that you are going to use to
 		# send the synchronization messages. Remember that you must
 		# use a dedicated link for the synchronization messages.
 		#
 		IPv4_interface [LINK_IP]
 		#
 		# The name of the interface that you are going to use to
 		# send the synchronization messages.
 		#
 		Interface [LINK_IF]
 		# The multicast sender uses a buffer to enqueue the packets
 		# that are going to be transmitted. The default size of this
 		# socket buffer is available at /proc/sys/net/core/wmem_default.
 		# This value determines the chances to have an overrun in the
 		# sender queue. The overrun results packet loss, thus, losing
 		# state information that would have to be retransmitted. If you
 		# notice some packet loss, you may want to increase the size
 		# of the sender buffer. The default size is usually around
 		# ~100 KBytes which is fairly small for busy firewalls.
 		#
 		SndSocketBuffer 1249280
 		# The multicast receiver uses a buffer to enqueue the packets
 		# that the socket is pending to handle. The default size of this
 		# socket buffer is available at /proc/sys/net/core/rmem_default.
 		# This value determines the chances to have an overrun in the
 		# receiver queue. The overrun results packet loss, thus, losing
 		# state information that would have to be retransmitted. If you
 		# notice some packet loss, you may want to increase the size of
 		# the receiver buffer. The default size is usually around
 		# ~100 KBytes which is fairly small for busy firewalls.
 		#
 		RcvSocketBuffer 1249280
 		# 
 		# Enable/Disable message checksumming. This is a good
 		# property to achieve fault-tolerance. In case of doubt, do
 		# not modify this value.
 		#
 		Checksum on
 	}
 	#
 	# You can specify more than one dedicated link. Thus, if one dedicated
 	# link fails, conntrackd can fail-over to another. Note that adding
 	# more than one dedicated link does not mean that state-updates will
 	# be sent to all of them. There is only one active dedicated link at
 	# a given moment. The `Default' keyword indicates that this interface
 	# will be selected as the initial dedicated link. You can have 
 	# up to 4 redundant dedicated links. Note: Use different multicast 
 	# groups for every redundant link.
 	#
 	# Multicast Default {
 	#	IPv4_address 225.0.0.51
 	#	Group 3781
 	#	IPv4_interface 192.168.100.101
 	#	Interface eth3
 	#	# SndSocketBuffer 1249280
 	#	# RcvSocketBuffer 1249280
 	#	Checksum on
 	# }
 	#
 	# You can use Unicast UDP instead of Multicast to propagate events.
 	# Note that you cannot use unicast UDP and Multicast at the same
 	# time, you can only select one.
 	# 
 	# UDP {
 		# 
 		# UDP address that this firewall uses to listen to events.
 		#
 		# IPv4_address 192.168.2.100
 		#
 		# or you may want to use an IPv6 address:
 		#
 		# IPv6_address fe80::215:58ff:fe28:5a27
 		#
 		# Destination UDP address that receives events, ie. the other
 		# firewall's dedicated link address.
 		#
 		# IPv4_Destination_Address 192.168.2.101
 		#
 		# or you may want to use an IPv6 address:
 		#
 		# IPv6_Destination_Address fe80::2d0:59ff:fe2a:775c
 		#
 		# UDP port used
 		#
 		# Port 3780
 		#
 		# The name of the interface that you are going to use to
 		# send the synchronization messages.
 		#
 		# Interface eth2
 		# 
 		# The sender socket buffer size
 		#
 		# SndSocketBuffer 1249280
 		#
 		# The receiver socket buffer size
 		#
 		# RcvSocketBuffer 1249280
 		# 
 		# Enable/Disable message checksumming. 
 		#
 		# Checksum on
 	# }
 }
 #
 # General settings
 #
 General {
 	#
 	# Set the nice value of the daemon, this value goes from -20
 	# (most favorable scheduling) to 19 (least favorable). Using a
 	# very low value reduces the chances to lose state-change events.
 	# Default is 0 but this example file sets it to most favourable
 	# scheduling as this is generally a good idea. See man nice(1) for
 	# more information.
 	#
 	Nice -20
 	#
 	# Select a different scheduler for the daemon, you can select between
 	# RR and FIFO and the process priority (minimum is 0, maximum is 99).
 	# See man sched_setscheduler(2) for more information. Using a RT
 	# scheduler reduces the chances to overrun the Netlink buffer.
 	#
 	# Scheduler {
 	#	Type FIFO
 	#	Priority 99
 	# }
 	#
 	# Number of buckets in the cache hashtable. The bigger it is,
 	# the closer it gets to O(1) at the cost of consuming more memory.
 	# Read some documents about tuning hashtables for further reference.
 	#
 	HashSize 32768
 	#
 	# Maximum number of conntracks, it should be double of: 
 	# $ cat /proc/sys/net/netfilter/nf_conntrack_max
 	# since the daemon may keep some dead entries cached for possible
 	# retransmission during state synchronization.
 	#
 	HashLimit 131072
 	#
 	# Logfile: on (/var/log/conntrackd.log), off, or a filename
 	# Default: off
 	#
 	LogFile on
 	#
 	# Syslog: on, off or a facility name (daemon (default) or local0..7)
 	# Default: off
 	#
 	#Syslog on
 	#
 	# Lockfile
 	# 
 	LockFile /var/lock/conntrack.lock
 	#
 	# Unix socket configuration
 	#
 	UNIX {
 		Path /var/run/conntrackd.ctl
 		Backlog 20
 	}
 	#
 	# Netlink event socket buffer size. If you do not specify this clause,
 	# the default buffer size value in /proc/net/core/rmem_default is
 	# used. This default value is usually around 100 Kbytes which is
 	# fairly small for busy firewalls. This leads to event message dropping
 	# and high CPU consumption. This example configuration file sets the
 	# size to 2 MBytes to avoid this sort of problems.
 	#
 	NetlinkBufferSize 2097152
 	#
 	# The daemon doubles the size of the netlink event socket buffer size
 	# if it detects netlink event message dropping. This clause sets the
 	# maximum buffer size growth that can be reached. This example file
 	# sets the size to 8 MBytes.
 	#
 	NetlinkBufferSizeMaxGrowth 8388608
 	#
 	# If the daemon detects that Netlink is dropping state-change events,
 	# it automatically schedules a resynchronization against the Kernel
 	# after 30 seconds (default value). Resynchronizations are expensive
 	# in terms of CPU consumption since the daemon has to get the full
 	# kernel state-table and purge state-entries that do not exist anymore.
 	# Be careful of setting a very small value here. You have the following
 	# choices: On (enabled, use default 30 seconds value), Off (disabled)
 	# or Value (in seconds, to set a specific amount of time). If not
 	# specified, the daemon assumes that this option is enabled.
 	#
 	# NetlinkOverrunResync On
 	#
 	# If you want reliable event reporting over Netlink, set on this
 	# option. If you set on this clause, it is a good idea to set off
 	# NetlinkOverrunResync. This option is off by default and you need
 	# a Linux kernel >= 2.6.31.
 	#
 	# NetlinkEventsReliable Off
 	# 
 	# By default, the daemon receives state updates following an
 	# event-driven model. You can modify this behaviour by switching to
 	# polling mode with the PollSecs clause. This clause tells conntrackd
 	# to dump the states in the kernel every N seconds. With regards to
 	# synchronization mode, the polling mode can only guarantee that
 	# long-lifetime states are recovered. The main advantage of this method
 	# is the reduction in the state replication at the cost of reducing the
 	# chances of recovering connections.
 	#
 	# PollSecs 15
 	#
 	# The daemon prioritizes the handling of state-change events coming
 	# from the core. With this clause, you can set the maximum number of
 	# state-change events (those coming from kernel-space) that the daemon
 	# will handle after which it will handle other events coming from the
 	# network or userspace. A low value improves interactivity (in terms of
 	# real-time behaviour) at the cost of extra CPU consumption.
 	# Default (if not set) is 100.
 	#
 	# EventIterationLimit 100
 	#
 	# Event filtering: This clause allows you to filter certain traffic,
 	# There are currently three filter-sets: Protocol, Address and
 	# State. The filter is attached to an action that can be: Accept or
 	# Ignore. Thus, you can define the event filtering policy of the
 	# filter-sets in positive or negative logic depending on your needs.
 	# You can select if conntrackd filters the event messages from 
 	# user-space or kernel-space. The kernel-space event filtering
 	# saves some CPU cycles by avoiding the copy of the event message
 	# from kernel-space to user-space. The kernel-space event filtering
 	# is prefered, however, you require a Linux kernel >= 2.6.29 to
 	# filter from kernel-space. If you want to select kernel-space 
 	# event filtering, use the keyword 'Kernelspace' instead of 
 	# 'Userspace'.
 	#
 	Filter From Userspace {
 		#
 		# Accept only certain protocols: You may want to replicate
 		# the state of flows depending on their layer 4 protocol.
 		#
 		Protocol Accept {
 			TCP
 			SCTP
 			DCCP
 			# UDP
 			# ICMP # This requires a Linux kernel >= 2.6.31
 		}
 		#
 		# Ignore traffic for a certain set of IP's: Usually all the
 		# IP assigned to the firewall since local traffic must be
 		# ignored, only forwarded connections are worth to replicate.
 		# Note that these values depends on the local IPs that are
 		# assigned to the firewall.
 		#
 		Address Ignore {
 			IPv4_address 127.0.0.1 # loopback
            IPv4_address [IGNORE_IP1]
            IPv4_address [IGNORE_IP2]
            IPv4_address [IGNORE_IP3]
 			#IPv4_address 192.168.0.100 # virtual IP 1
 			#IPv4_address 192.168.1.100 # virtual IP 2
 			#IPv4_address 192.168.0.1
 			#IPv4_address 192.168.1.1
 			#IPv4_address 192.168.100.100 # dedicated link ip
 			#
 			# You can also specify networks in format IP/cidr.
 			# IPv4_address 192.168.0.0/24
 			#
 			# You can also specify an IPv6 address
 			# IPv6_address ::1
 		}
 		#
 		# Uncomment this line below if you want to filter by flow state.
 		# This option introduces a trade-off in the replication: it
 		# reduces CPU consumption at the cost of having lazy backup 
 		# firewall replicas. The existing TCP states are: SYN_SENT,
 		# SYN_RECV, ESTABLISHED, FIN_WAIT, CLOSE_WAIT, LAST_ACK,
 		# TIME_WAIT, CLOSED, LISTEN.
 		#
 		# State Accept {
 		#	ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP
 		# }
 	}
 }
--- a/systemvm/patches/debian/config/root/redundant_router/disable_pubip.sh
+++ b/systemvm/patches/debian/config/root/redundant_router/disable_pubip.sh
@ -1,23 +0,0 @@
 #!/bin/bash
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 ip link|grep BROADCAST|grep -v eth0|grep -v eth1|cut -d ":" -f 2 > /tmp/iflist
 while read i
 do
    ifconfig $i down
 done < /tmp/iflist
--- a/systemvm/patches/debian/config/root/redundant_router/enable_pubip.sh.templ
+++ b/systemvm/patches/debian/config/root/redundant_router/enable_pubip.sh.templ
@ -1,50 +0,0 @@
 #!/bin/bash
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 ip link|grep BROADCAST|grep -v eth0|grep -v eth1|cut -d ":" -f 2 > /tmp/iflist
 ip addr show eth2 | grep "inet" 2>&1 > /dev/null
 is_init=$?
 set -e
 while read i
 do
    # if eth2'ip has already been configured, we would use ifconfig rather than ifdown/ifup
    if [ "$i" == "eth2" -a "$is_init" != "0" ]
    then
        ifdown $i
        ifup $i
    else
        ifconfig $i down
        ifconfig $i up
    fi
 done < /tmp/iflist
 ip route add default via [GATEWAY] dev eth2
 while read line
 do
 dev=$(echo $line | awk '{print $1'})
 gw=$(echo $line | awk '{print $2'})
 if [ "$dev" == "eth2" ]
 then
    continue;
 fi
 ip route add default via $gw table Table_$dev proto static
 done < /var/cache/cloud/ifaceGwIp
--- a/systemvm/patches/debian/config/root/redundant_router/fault.sh.templ
+++ b/systemvm/patches/debian/config/root/redundant_router/fault.sh.templ
@ -1,37 +0,0 @@
 #!/bin/bash
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 source /root/func.sh
 lock="biglock"
 locked=$(getLockFile $lock)
 if [ "$locked" != "1" ]
 then
    exit 1
 fi
 echo To fault called >> [RROUTER_LOG]
 [RROUTER_BIN_PATH]/disable_pubip.sh >> [RROUTER_LOG] 2>&1
 echo Disable public ip >> [RROUTER_LOG]
 [RROUTER_BIN_PATH]/services.sh stop >> [RROUTER_LOG] 2>&1
 echo Stop services $? >> [RROUTER_LOG]
 [RROUTER_BIN_PATH]/primary-backup.sh fault >> [RROUTER_LOG] 2>&1
 echo Switch conntrackd mode fault $? >> [RROUTER_LOG]
 echo Status: FAULT >> [RROUTER_LOG]
 releaseLockFile $lock $locked
--- a/systemvm/patches/debian/config/root/redundant_router/heartbeat.sh.templ
+++ b/systemvm/patches/debian/config/root/redundant_router/heartbeat.sh.templ
@ -1,20 +0,0 @@
 #!/bin/bash
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 t=$(date +%s)
 echo $t > [RROUTER_BIN_PATH]/keepalived.ts
--- a/systemvm/patches/debian/config/root/redundant_router/keepalived.conf.templ
+++ b/systemvm/patches/debian/config/root/redundant_router/keepalived.conf.templ
@ -1,57 +0,0 @@
 ! Licensed to the Apache Software Foundation (ASF) under one
 ! or more contributor license agreements.  See the NOTICE file
 ! distributed with this work for additional information
 ! regarding copyright ownership.  The ASF licenses this file
 ! to you under the Apache License, Version 2.0 (the
 ! "License"); you may not use this file except in compliance
 ! with the License.  You may obtain a copy of the License at
 !
 !   http://www.apache.org/licenses/LICENSE-2.0
 !
 ! Unless required by applicable law or agreed to in writing,
 ! software distributed under the License is distributed on an
 ! "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 ! KIND, either express or implied.  See the License for the
 ! specific language governing permissions and limitations
 ! under the License.
 global_defs {
   router_id [ROUTER_ID]
 }
 vrrp_script check_bumpup {
    script "[RROUTER_BIN_PATH]/check_bumpup.sh"
    interval 5
    weight [DELTA]
 }
 vrrp_script heartbeat {
    script "[RROUTER_BIN_PATH]/heartbeat.sh"
    interval 10
 }
 vrrp_instance inside_network {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority [PRIORITY]
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass WORD
    }
    virtual_ipaddress {
        [ROUTER_IP] brd [BOARDCAST] dev eth0
    }
    track_script {
        check_bumpup
        heartbeat
    }
    notify_master "[RROUTER_BIN_PATH]/master.sh"
    notify_backup "[RROUTER_BIN_PATH]/backup.sh"
    notify_fault "[RROUTER_BIN_PATH]/fault.sh"
 }
--- a/systemvm/patches/debian/config/root/redundant_router/master.sh.templ
+++ b/systemvm/patches/debian/config/root/redundant_router/master.sh.templ
@ -1,60 +0,0 @@
 #!/bin/bash
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 source /root/func.sh
 lock="biglock"
 locked=$(getLockFile $lock)
 if [ "$locked" != "1" ]
 then
    exit 1
 fi
 echo To master called >> [RROUTER_LOG]
 [RROUTER_BIN_PATH]/enable_pubip.sh >> [RROUTER_LOG] 2>&1
 ret=$?
 if [ $ret -eq 0 ]
 then
    [RROUTER_BIN_PATH]/services.sh restart >> [RROUTER_LOG] 2>&1
    ret=$?
 fi
 last_msg=`tail -n 1 [RROUTER_LOG]`
 echo Enable public ip returned $ret >> [RROUTER_LOG]
 if [ $ret -ne 0 ]
 then
    echo Fail to enable public ip! >> [RROUTER_LOG]
    [RROUTER_BIN_PATH]/disable_pubip.sh >> [RROUTER_LOG] 2>&1
    [RROUTER_BIN_PATH]/services.sh stop >> [RROUTER_LOG] 2>&1
    service keepalived stop >> [RROUTER_LOG] 2>&1
    service conntrackd stop >> [RROUTER_LOG] 2>&1
    echo Status: FAULT \($last_msg\) >> [RROUTER_LOG]
    releaseLockFile $lock $locked
    exit
 fi
 [RROUTER_BIN_PATH]/primary-backup.sh primary >> [RROUTER_LOG] 2>&1
 ret=$?
 echo Switch conntrackd mode primary returned $ret >> [RROUTER_LOG]
 if [ $ret -ne 0 ]
 then
    echo Fail to switch conntrackd mode, but try to continue working >> [RROUTER_LOG]
 fi
 [RROUTER_BIN_PATH]/arping_gateways.sh
 echo Status: MASTER >> [RROUTER_LOG]
 releaseLockFile $lock $locked
 exit 0
--- a/systemvm/patches/debian/config/root/redundant_router/primary-backup.sh.templ
+++ b/systemvm/patches/debian/config/root/redundant_router/primary-backup.sh.templ
@ -1,126 +0,0 @@
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 CONNTRACKD_BIN=/usr/sbin/conntrackd
 CONNTRACKD_LOCK=/var/lock/conntrack.lock
 CONNTRACKD_CONFIG=/etc/conntrackd/conntrackd.conf
 CONNTRACKD_LOG=[RROUTER_LOG]
 case "$1" in
  primary)
    #
    # commit the external cache into the kernel table
    #
    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -c
    if [ $? -eq 1 ]
    then
        logger "ERROR: failed to invoke conntrackd -c"
    fi
    #
    # flush the internal and the external caches
    #
    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -f
    if [ $? -eq 1 ]
    then
    	logger "ERROR: failed to invoke conntrackd -f"
    fi
    #
    # resynchronize my internal cache to the kernel table
    #
    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -R
    if [ $? -eq 1 ]
    then
    	logger "ERROR: failed to invoke conntrackd -R"
    fi
    #
    # send a bulk update to backups 
    #
    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -B
    if [ $? -eq 1 ]
    then
        logger "ERROR: failed to invoke conntrackd -B"
    fi
    echo Conntrackd switch to primary done >> $CONNTRACKD_LOG
    ;;
  backup)
    #
    # is conntrackd running? request some statistics to check it
    #
    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -s
    if [ $? -eq 1 ]
    then
        #
 	# something's wrong, do we have a lock file?
 	#
    	if [ -f $CONNTRACKD_LOCK ]
 	then
 	    logger "WARNING: conntrackd was not cleanly stopped."
 	    logger "If you suspect that it has crashed:"
 	    logger "1) Enable coredumps"
 	    logger "2) Try to reproduce the problem"
 	    logger "3) Post the coredump to netfilter-devel@vger.kernel.org"
 	    rm -f $CONNTRACKD_LOCK
 	fi
 	$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -d
 	if [ $? -eq 1 ]
 	then
 	    logger "ERROR: cannot launch conntrackd"
 	    exit 1
 	fi
    fi
    #
    # shorten kernel conntrack timers to remove the zombie entries.
    #
    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -t
    if [ $? -eq 1 ]
    then
    	logger "ERROR: failed to invoke conntrackd -t"
    fi
    #
    # request resynchronization with master firewall replica (if any)
    # Note: this does nothing in the alarm approach.
    #
    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -n
    if [ $? -eq 1 ]
    then
    	logger "ERROR: failed to invoke conntrackd -n"
    fi
    echo Conntrackd switch to backup done >> $CONNTRACKD_LOG
    ;;
  fault)
    #
    # shorten kernel conntrack timers to remove the zombie entries.
    #
    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -t
    if [ $? -eq 1 ]
    then
    	logger "ERROR: failed to invoke conntrackd -t"
    fi
    echo Conntrackd switch to fault done >> $CONNTRACKD_LOG
    ;;
  *)
    logger "conntrackd: ERROR: unknown state transition: " $1
    echo "Usage: primary-backup.sh {primary|backup|fault}"
    exit 1
    ;;
 esac
 exit 0
--- a/systemvm/patches/debian/config/root/redundant_router/services.sh
+++ b/systemvm/patches/debian/config/root/redundant_router/services.sh
@ -1,68 +0,0 @@
 #!/bin/bash
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 vpn_service() {
 	ps aux|grep ipsec | grep -v grep > /dev/null
 	no_vpn=$?
 	if [ $no_vpn -eq 1 ]
 	then
 		return 0
 	fi
 	r=0
 	case "$1" in
 		stop)
 			service ipsec stop && \
 			service xl2tpd stop
 			r=$?
 			;;
 		restart)
 			service ipsec restart && \
 			service xl2tpd restart
 			r=$?
 			;;
 	esac
 	return $r
 }
 ret=0
 case "$1" in
    start)
 	vpn_service restart && \
        service cloud-passwd-srvr start && \
        service dnsmasq start
 	ret=$?
        ;;
    stop)
 	vpn_service stop && \
        service cloud-passwd-srvr stop && \
        service dnsmasq stop
 	ret=$?
        ;;
    restart)
 	vpn_service restart && \
        service cloud-passwd-srvr restart && \
        service dnsmasq restart
 	ret=$?
        ;;
    *)
        echo "Usage: services {start|stop|restart}"
        exit 1
 	;;
 esac
 exit $ret
--- a/systemvm/patches/debian/convert.sh
+++ b/systemvm/patches/debian/convert.sh
@ -1,64 +0,0 @@
 #!/bin/bash
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 # 
 #   http://www.apache.org/licenses/LICENSE-2.0
 # 
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 begin=$(date +%s)
 echo "Backing up systemvm.img"
 cp systemvm.img systemvm.img.tmp
 echo "Converting raw image to fixed vhd"
 vhd-util convert -s 0 -t 1 -i systemvm.img.tmp -o systemvm.vhd &> /dev/null
 echo "Converting fixed vhd to dynamic vhd"
 vhd-util convert -s 1 -t 2 -i systemvm.vhd -o systemvm.vhd &> /dev/null
 echo "Compressing vhd..."
 bzip2 -c systemvm.vhd > systemvm.vhd.bz2
 echo "Done VHD"
 echo "Converting raw image to qcow2"
 qemu-img  convert -f raw -O qcow2 systemvm.img systemvm.qcow2
 echo "Compressing qcow2..."
 bzip2 -c systemvm.qcow2 > systemvm.qcow2.bz2
 echo "Done qcow2"
 echo "Converting raw image to vmdk"
 qemu-img  convert -f raw -O vmdk systemvm.img systemvm.vmdk
 echo "Done creating vmdk"
 echo "Creating ova appliance "
 ovftool systemvm.vmx systemvm.ova
 echo "Done creating OVA"
 echo "Cleaning up..."
 rm -vf systemvm.vmdk
 rm -vf systemvm.vhd.bak
 echo "Compressing raw image..."
 bzip2 -c systemvm.img > systemvm.img.bz2
 echo "Done compressing raw image"
 echo "Generating md5sums"
 md5sum systemvm.img  > md5sum
 md5sum systemvm.img.bz2  >> md5sum
 md5sum systemvm.vhd  >> md5sum
 md5sum systemvm.vhd.bz2  >> md5sum
 md5sum systemvm.qcow2  >> md5sum
 md5sum systemvm.qcow2.bz2  >> md5sum
 md5sum systemvm.ova  >> md5sum
 fin=$(date +%s)
 t=$((fin-begin))
 echo "Finished compressing/converting image in $t seconds"
--- a/systemvm/patches/debian/config/etc/apache2/httpd.conf
+++ b/systemvm/patches/debian/config/etc/apache2/httpd.conf
--- a/systemvm/patches/debian/config/etc/apache2/vhost.template
+++ b/systemvm/patches/debian/config/etc/apache2/vhost.template
@ -235,4 +235,3 @@ Listen 10.1.1.1:80
 <IfModule mod_gnutls.c>
    Listen 10.1.1.1:443
 </IfModule>
--- a/systemvm/patches/debian/config/etc/cloud-nic.rules
+++ b/systemvm/patches/debian/config/etc/cloud-nic.rules
@ -1,2 +1 @@
 SUBSYSTEM=="net" KERNEL=="eth*" RUN+="/opt/cloud/bin/cloud-nic.sh $env{ACTION} %k"
--- a/systemvm/patches/debian/config/etc/dnsmasq.conf.tmpl
+++ b/systemvm/patches/debian/config/etc/dnsmasq.conf.tmpl
--- a/systemvm/patches/debian/config/etc/haproxy/haproxy.cfg
+++ b/systemvm/patches/debian/config/etc/haproxy/haproxy.cfg
--- a/systemvm/patches/debian/config/etc/init.d/cloud-early-config
+++ b/systemvm/patches/debian/config/etc/init.d/cloud-early-config
--- a/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr
+++ b/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr
@ -104,12 +104,12 @@ case "$1" in
   start) start
 	  ;;
    stop) stop
- 	  ;;
+	  ;;
    status) status
- 	  ;;
+	  ;;
 restart) stop
          start
- 	  ;;
+	  ;;
       *) echo "Usage: $0 {start|stop|status|restart}"
 	  exit 1
 	  ;;
--- a/systemvm/patches/debian/config/etc/iptables/iptables-consoleproxy
+++ b/systemvm/patches/debian/config/etc/iptables/iptables-consoleproxy
--- a/systemvm/patches/debian/config/etc/iptables/iptables-dhcpsrvr
+++ b/systemvm/patches/debian/config/etc/iptables/iptables-dhcpsrvr
--- a/systemvm/patches/debian/config/etc/iptables/iptables-elbvm
+++ b/systemvm/patches/debian/config/etc/iptables/iptables-elbvm
@ -31,4 +31,3 @@ COMMIT
 -A INPUT -i lo -j ACCEPT
 -A INPUT -i eth1 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
 COMMIT
--- a/Show More
+++ b/Show More
		`@ -1,2 +0,0 @@`
			`These are the templates for the redundant router`
			`and redundant vpc_router`
`@ -1,2 +1 @@`
	`SUBSYSTEM=="net" KERNEL=="eth*" RUN+="/opt/cloud/bin/cloud-nic.sh $env{ACTION} %k"`	`SUBSYSTEM=="net" KERNEL=="eth*" RUN+="/opt/cloud/bin/cloud-nic.sh $env{ACTION} %k"`