Merging some changes from master related to making the build work [missing files, updated build scripts, etc.]

Kris McQueen 2010-09-17 13:21:23 -07:00
parent 1f4b2cfb06
commit b42ca89626
31 changed files with 2042 additions and 114 deletions


@ -10,69 +10,32 @@
</description>
<dirname property="base.dir" file="${ant.file.Cloud.com Cloud Stack Build Dispatch}"/>
<property name="build.dir" location="${base.dir}/build"/>
<condition property="build-cloud.properties.file" value="${build.dir}/override/build-cloud.properties" else="${build.dir}/build-cloud.properties">
<available file="${build.dir}/override/build-cloud.properties" />
<condition property="build-cloud.properties.file" value="${base.dir}/build/override/build-cloud.properties" else="${base.dir}/build/build-cloud.properties">
<available file="${base.dir}/build/override/build-cloud.properties" />
</condition>
<property file="${build-cloud.properties.file}"/>
<property name="premium.name" value="cloudstack-proprietary"/>
<property name="premium.base.dir" location="${base.dir}/${premium.name}"/>
<condition property="my.build.dir" value="${premium.base.dir}/build" else="${base.dir}/build">
<and>
<available file="${premium.base.dir}/build"/>
<not>
<isset property="OSS"/>
</not>
</and>
</condition>
<property name="dist.dir" location="${base.dir}/dist"/>
<property name="target.dir" location="${base.dir}/target"/>
<condition property="build.file" value="premium/build-cloud-premium.xml" else="build-cloud.xml">
<and>
<available file="build/premium/build-cloud-premium.xml"/>
<not>
<isset property="OSS"/>
</not>
</and>
</condition>
<condition property="package.file" value="premium/package-premium.xml" else="package.xml">
<and>
<available file="build/premium/package-premium.xml"/>
<not>
<isset property="OSS"/>
</not>
</and>
</condition>
<condition property="developer.file" value="premium/developer-premium.xml" else="developer.xml">
<and>
<available file="build/premium/developer-premium.xml"/>
<not>
<isset property="OSS"/>
</not>
</and>
</condition>
<condition property="docs.file" value="premium/build-docs-premium.xml" else="build-docs.xml">
<and>
<available file="build/premium/build-docs-premium.xml"/>
<not>
<isset property="OSS"/>
</not>
</and>
</condition>
<condition property="test.file" value="premium/build-tests-premium.xml" else="build-tests.xml">
<and>
<available file="build/premium/build-tests-premium.xml"/>
<not>
<isset property="OSS"/>
</not>
</and>
</condition>
<import file="${base.dir}/plugins/zynga/build.xml" optional='true'/>
<import file="${build.dir}/${build.file}" optional="false"/>
<import file="${build.dir}/${docs.file}" optional="true"/>
<import file="${build.dir}/${test.file}" optional="true"/>
<import file="${build.dir}/${package.file}" optional="true"/>
<import file="${build.dir}/${developer.file}" optional="true"/>
<import file="${my.build.dir}/build-cloud.xml" optional="false"/>
<import file="${my.build.dir}/build-docs.xml" optional="true"/>
<import file="${my.build.dir}/build-tests.xml" optional="true"/>
<import file="${my.build.dir}/package.xml" optional="true"/>
<import file="${my.build.dir}/developer.xml" optional="true"/>
</project>
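Review bot: The mandatory `<import file="${my.build.dir}/build-cloud.xml" optional="false"/>` takes its directory from whether `${premium.base.dir}/build` exists on disk, so the same checkout silently builds from different scripts depending on what sits next to it, and nothing in the output says which set was used. Assuming the `my.build.dir` lines are the new side (the +/- markers are not visible on this page), add `<echo message="Using build scripts from ${my.build.dir}"/>` after the condition, plus a comment that defining `OSS` forces the open-source scripts. Note also that `build-cloud.properties` is still looked up under `${base.dir}/build` even when the premium directory is selected, so the properties and the imported scripts can come from different trees.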


@ -7,6 +7,7 @@
</description>
<!--
Test
Always use this variable to refer to the base directory because this
variable is changeable
-->
@ -60,7 +61,9 @@
<property name="dep.cache.dir" location="${target.dir}/dep-cache" />
<property name="build.log" location="${target.dir}/ant_verbose.txt" />
<property name="thirdparty.dir" location="${base.dir}/thirdparty" />
<property name="proprietary.dir" location="${base.dir}/${premium.name}" />
<property name="thirdparty.dir" location="${proprietary.dir}/thirdparty" />
<property name="deps.dir" location="${base.dir}/deps" />
<!-- directories for client compilation-->
@ -98,12 +101,13 @@
<property name="console-viewer.dist.dir" location="${dist.dir}/console-viewer" />
<property name="tools.dir" location="${base.dir}/tools" />
<!-- <property name="antcontrib.dir" location="${tools.dir}/tools/ant/apache-ant-1.8.0/lib" />-->
<!-- <property name="antcontrib.dir" location="${tools.dir}/tools/ant/apache-ant-1.8.0/lib" />-->
<property name="deploy.dir" location="${build.dir}/deploy" />
<property name="production.dir" location="${deploy.dir}/production" />
<property name="meld.home" location="/usr/local/bin" />
<property name="assertion" value="-da" />
<!-- directories for testing -->
<property name="test.target.dir" location="${target.dir}/test" />
<property name="test.classes.dir" location="${test.target.dir}/classes" />
@ -134,7 +138,7 @@
<path id="src.classpath">
</path>
<path id="thirdparty.classpath">
<filelist files="${thirdparty.classpath}" />
<fileset dir="${thirdparty.dir}" erroronmissingdir="false">
@ -173,7 +177,7 @@
<target name="compile-api" depends="-init, compile-utils" description="Compile the utilities jar that is shared.">
<compile-java jar.name="${api.jar}" top.dir="${api.dir}" classpath="api.classpath" />
</target>
<path id="core.classpath">
<path refid="thirdparty.classpath" />
<path refid="dist.classpath" />
@ -220,7 +224,6 @@
<include name="**/*.html" />
<include name="**/*.js"/>
<include name="**/*.jsp"/>
<include name="**/*.properties"/>
<exclude name="**/.classpath" />
<exclude name="**/.project" />
</fileset>
@ -234,11 +237,15 @@
<exclude name="**/*.html" />
<exclude name="**/*.js"/>
<exclude name="**/*.jsp"/>
<exclude name="**/*.properties"/>
<exclude name="**/.classpath" />
<exclude name="**/.project" />
</fileset>
</copy>
<copy todir="${client.target.dir}">
<fileset dir="${client.dir}/WEB-INF/classes">
<include name="**/*.properties"/>
</fileset>
</copy>
</target>
<target name="build-server" depends="compile-server">
@ -249,24 +256,40 @@
<copy todir="${server.dist.dir}/lib">
<fileset dir="${thirdparty.dir}">
<include name="mysql-connector-java-5.1.7-bin.jar" />
<include name="cglib-nodep-2.2.jar" />
<include name="gson-1.3.jar" />
<include name="log4j-1.2.15.jar" />
<include name="apache-log4j-extras-1.0.jar" />
<include name="ehcache-1.5.0.jar" />
<include name="commons-logging-1.1.1.jar" />
<include name="commons-dbcp-1.2.2.jar" />
<include name="commons-pool-1.4.jar" />
<include name="backport-util-concurrent-3.0.jar" />
<include name="httpcore-4.0.jar" />
<include name="commons-httpclient-3.1.jar" />
<include name="commons-codec-1.4.jar" />
<include name="email.jar" />
<include name="xmlrpc-client-3.1.3.jar" />
<include name="xmlrpc-common-3.1.3.jar" />
<include name="xenserver-5.5.0-1.jar" />
<include name="ws-commons-util-1.0.2.jar" />
<include name="trilead-ssh2-build213.jar" />
<include name="cglib-nodep-2.2.jar" />
<include name="gson-1.3.jar" />
<include name="log4j-1.2.15.jar" />
<include name="apache-log4j-extras-1.0.jar" />
<include name="ehcache-1.5.0.jar" />
<include name="commons-logging-1.1.1.jar" />
<include name="commons-dbcp-1.2.2.jar" />
<include name="commons-pool-1.4.jar" />
<include name="backport-util-concurrent-3.0.jar" />
<include name="httpcore-4.0.jar" />
<include name="commons-httpclient-3.1.jar" />
<include name="commons-codec-1.4.jar" />
<include name="email.jar" />
<include name="xmlrpc-client-3.1.3.jar" />
<include name="xmlrpc-common-3.1.3.jar" />
<include name="xenserver-5.5.0-1.jar" />
<include name="ws-commons-util-1.0.2.jar" />
<include name="trilead-ssh2-build213.jar" />
<include name="vmware-apputils.jar" />
<include name="vmware-vim.jar" />
<include name="vmware-vim25.jar" />
<include name="vmware-lib-activation.jar" />
<include name="vmware-lib-axis.jar" />
<include name="vmware-lib-jaxen-core.jar" />
<include name="vmware-lib-jaxen-jdom.jar" />
<include name="vmware-lib-jaxrpc.jar" />
<include name="vmware-lib-jdom.jar" />
<include name="vmware-lib-mailapi.jar" />
<include name="vmware-lib-saxpath.jar" />
<include name="vmware-lib-smtp.jar" />
<include name="vmware-lib-wbem.jar" />
<include name="vmware-lib-xalan.jar" />
<include name="vmware-lib-xerces.jar" />
<include name="vmware-lib-xml-apis.jar" />
</fileset>
</copy>
@ -281,12 +304,12 @@
</filterreader>
</filterchain>
</copy>
<copy overwrite="true" todir="${server.dist.dir}/conf">
<fileset dir="${server.dir}/src/com/cloud/migration">
<include name="*.xml" />
</fileset>
</copy>
<fileset dir="${server.dir}/src/com/cloud/migration">
<include name="*.xml" />
</fileset>
</copy>
</target>
<path id="console-common.classpath">
@ -320,7 +343,7 @@
<fileset dir="${thirdparty.dir}">
<include name="log4j-1.2.15.jar" />
<include name="apache-log4j-extras-1.0.jar" />
<include name="gson-1.3.jar" />
<include name="gson-1.3.jar" />
</fileset>
</copy>
@ -367,10 +390,6 @@
</target>
<target name="build-console-proxy" depends="-init, build-console-viewer, compile-console-proxy, copy-console-proxy">
<copy todir="${console-proxy.dist.dir}">
<fileset dir="${console-proxy.dir}/scripts">
</fileset>
</copy>
<copy todir="${console-proxy.dist.dir}">
<fileset dir="${console-proxy.dir}/scripts">
</fileset>
@ -494,21 +513,19 @@
<chmod file="${dist.dir}/deploy-agent.sh" perm="uog+xr" />
<chmod file="${dist.dir}/deploy-server.sh" perm="uog+xr" />
</target>
<target name="build-kvm-domr-patch" depends="-init">
<target name="build-systemvm-patch" depends="-init">
<mkdir dir="${dist.dir}" />
<tar destfile="${dist.dir}/patch.tar">
<tarfileset dir="${base.dir}/patches/kvm" filemode="755">
<include name="**/*"/>
<exclude name="**/.classpath" />
<exclude name="**/.project" />
</tarfileset>
<tarfileset dir="${base.dir}/patches/shared" filemode="755">
<include name="**/*"/>
<exclude name="**/.classpath" />
<exclude name="**/.project" />
</tarfileset>
<tarfileset dir="${base.dir}/patches/systemvm" filemode="755">
<include name="**/*"/>
<exclude name="**/.classpath" />
<exclude name="**/.project" />
<exclude name="**/wscript_build" />
</tarfileset>
</tar>
<copy file="${base.dir}/patches/systemvm/root/.ssh/authorized_keys" todir="${dist.dir}/"/>
<gzip destfile="${dist.dir}/patch.tgz" src="${dist.dir}/patch.tar"/>
<delete file="${dist.dir}/patch.tar"/>
</target>
@ -526,7 +543,7 @@
<!-- create a UTC build timestamp using ISO 8601 formatting -->
<tstamp>
<format property="utc.build.timestamp" pattern="yyyy-MM-dd'T'HH:mm:ss.SSS'Z'" timezone="GMT" />
<format property="utc.build.timestamp" pattern="yyyy-MM-dd'T'HH:mm:ss'Z'" timezone="GMT" />
</tstamp>
<!-- remember who/where did the build -->
@ -538,9 +555,9 @@
<!-- set build.number property, stored in eponymous file -->
<buildnumber file="${build.dir}/build.number" />
<condition property="impl.version" value="${version}.${manual.build.number}" else="${version}.${build.number}">
<isset property="manual.build.number"/>
</condition>
<condition property="impl.version" value="${version}.${manual.build.number}" else="${version}.${utc.build.timestamp}">
<isset property="manual.build.number"/>
</condition>
<echo message="Build number is ${impl.version}" />
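Review bot: The `build-systemvm-patch` target copies `patches/systemvm/root/.ssh/authorized_keys` from the source tree into `${dist.dir}` and packs `patches/systemvm` into patch.tgz, so every system VM built from this tree appears to trust the same checked-in root SSH key. Anyone holding the matching private key would have root on every deployment; the key should be generated or injected per installation rather than shipped from the repository. The `filemode="755"` on the tarfilesets also marks every packed file executable and world-readable, including anything under `root/.ssh`; a separate `<tarfileset>` for `root/.ssh/**` with `filemode="600"` would keep the permissions sshd expects. At minimum add a comment above the copy, `<!-- authorized_keys is a development default; replace per installation before shipping -->`.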


@ -44,6 +44,7 @@
<depend srcdir="@{top.dir}/src" destdir="${classes.dir}/@{jar.name}" cache="${dep.cache.dir}" />
<echo message="Compiling @{top.dir}/src"/>
<javac srcdir="@{top.dir}/src" debug="${debug}" debuglevel="${debuglevel}" deprecation="${deprecation}" destdir="${classes.dir}/@{jar.name}" source="${source.compat.version}" target="${target.compat.version}" includeantruntime="false" compiler="javac1.6">
<!-- compilerarg line="-processor com.cloud.annotation.LocalProcessor -processorpath ${base.dir}/tools/src -Xlint:all"/ -->
<!-- compilerarg line="-processor com.cloud.utils.LocalProcessor -processorpath ${base.dir}/utils/src -Xlint:all"/ -->


@ -23,7 +23,6 @@
<property name="docs.dist.dir" location="${dist.dir}/docs" />
<property name="db.dist.dir" location="${dist.dir}/db" />
<property name="usage.dist.dir" location="${dist.dir}/usage" />
<property name="kvm.domr.patch.dir" location="${scripts.dir}/vm/hypervisor/kvm/patch" />
<target name="-init-package">
<mkdir dir="${dist.dir}" />
@ -92,9 +91,9 @@
</target>
<target name="package-agent" depends="-init-package, package-oss-systemvm, build-kvm-domr-patch, package-agent-common">
<target name="package-agent" depends="-init-package, package-oss-systemvm, build-systemvm-patch, package-agent-common">
<zip destfile="${dist.dir}/agent.zip" duplicate="preserve" update="true">
<zipfileset dir="${dist.dir}" prefix="scripts/vm/hypervisor/kvm">
<zipfileset dir="${dist.dir}" prefix="vms">
<include name="patch.tgz" />
</zipfileset>
<zipfileset dir="${dist.dir}" prefix="vms" filemode="555">
@ -103,6 +102,19 @@
</zip>
</target>
<target name="package-oss-systemvm-iso" depends="-init-package, package-oss-systemvm, build-systemvm-patch">
<exec executable="mkisofs" dir="${dist.dir}">
<arg value="-quiet"/>
<arg value="-r"/>
<arg value="-o"/>
<arg value="systemvm.iso"/>
<arg value="systemvm.zip"/>
<arg value="patch.tgz"/>
<arg value="authorized_keys"/>
</exec>
</target>
<target name="package-agent-simulator" depends="-init-package">
<delete file="${dist.dir}/agent-simulator.zip" />
<zip destfile="${dist.dir}/agent-simulator.zip" duplicate="preserve">
@ -123,7 +135,7 @@
</zip>
</target>
<target name="build-all" depends="build-opensource, build-kvm-domr-patch, build-ui, build-war-oss, package-oss-systemvm">
<target name="build-all" depends="build-opensource, build-ui, build-war-oss, package-oss-systemvm-iso">
</target>
<target name="build-war-oss" depends="-init-package" description="Compile the GWT client UI and builds WAR file.">
@ -135,7 +147,7 @@
<exclude name="**/*.properties" />
</fileset>
<classes dir="${client.target.dir}">
<include name="**/resources/*.properties" />
<include name="**/resources/*.properties" />
</classes>
<lib dir="${jar.dir}">
<include name="cloud-*.jar" />
@ -236,7 +248,8 @@
</delete>
</target>
<target name="sendjarfiles" depends="compile-utils, compile-core, compile-server, compile-agent, compile-console-common, compile-console-proxy, build-console-viewer">
<!-- The following target is OBSOLETE. If you need to add a jar file / target, go to the function def runant(target): in wscrpit_build, and list the jar file and the target in the appropriate places -->
<target name="sendjarfiles" depends="compile-utils, compile-core, compile-server, compile-agent, compile-console-common, compile-console-proxy, build-console-viewer">
<copy todir="${waf.artifacts}">
<fileset dir="${target.dir}/jar"/>
</copy>
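Review bot: The `<exec executable="mkisofs" dir="${dist.dir}">` in the `package-oss-systemvm-iso` target has no `failonerror`, and Ant's `<exec>` ignores a non-zero exit status by default, so `build-all` can report success while `systemvm.iso` is missing or left over from an earlier run. Use `<exec executable="mkisofs" dir="${dist.dir}" failonerror="true">`. The ISO also bundles the `authorized_keys` file copied out of the source tree, so the same root key ends up on every image built here; that deserves a comment on the target. The `sendjarfiles` target at the end of this section continues past the visible lines.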


@ -0,0 +1 @@
Details = Details


@ -0,0 +1,14 @@
Details = 詳述
Volume = 容積
Statistics = 統計
Zone = 區域
Template = 模板
Service = 服務
HA = 高的可用性
Created = 產生日期
Account = 帳戶
Domain = 領土
Host = 主機
ISO = 空白模板

463
patches/systemvm/etc/dnsmasq.conf Executable file

@ -0,0 +1,463 @@
# Configuration file for dnsmasq.
#
# Format is one option per line, legal options are the same
# as the long options legal on the command line. See
# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
# @VERSION@
# The following two options make you a better netizen, since they
# tell dnsmasq to filter out queries which the public DNS cannot
# answer, and which load the servers (especially the root servers)
# uneccessarily. If you have a dial-on-demand link they also stop
# these requests from bringing up the link uneccessarily.
# Never forward plain names (without a dot or domain part)
domain-needed
# Never forward addresses in the non-routed address spaces.
bogus-priv
# Uncomment this to filter useless windows-originated DNS requests
# which can trigger dial-on-demand links needlessly.
# Note that (amongst other things) this blocks all SRV requests,
# so don't use it if you use eg Kerberos.
# This option only affects forwarding, SRV records originating for
# dnsmasq (via srv-host= lines) are not suppressed by it.
#filterwin2k
# Change this line if you want dns to get its upstream servers from
# somewhere other that /etc/resolv.conf
resolv-file=/etc/dnsmasq-resolv.conf
# By default, dnsmasq will send queries to any of the upstream
# servers it knows about and tries to favour servers to are known
# to be up. Uncommenting this forces dnsmasq to try each query
# with each server strictly in the order they appear in
# /etc/resolv.conf
#strict-order
# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this.
#no-resolv
# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
# files for changes and re-read them then uncomment this.
#no-poll
# Add other name servers here, with domain specs if they are for
# non-public domains.
#server=/localnet/192.168.0.1
# Example of routing PTR queries to nameservers: this will send all
# address->name queries for 192.168.3/24 to nameserver 10.1.2.3
#server=/3.168.192.in-addr.arpa/10.1.2.3
# Add local-only domains here, queries in these domains are answered
# from /etc/hosts or DHCP only.
#local=/localnet/
# Add domains which you want to force to an IP address here.
# The example below send any host in doubleclick.net to a local
# webserver.
#address=/doubleclick.net/127.0.0.1
# If you want dnsmasq to change uid and gid to something other
# than the default, edit the following lines.
#user=
#group=
# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
interface=eth0
# Or you can specify which interface _not_ to listen on
except-interface=eth1
except-interface=eth2
# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
#listen-address=
# If you want dnsmasq to provide only DNS service on an interface,
# configure it as shown above, and then use the following line to
# disable DHCP on it.
no-dhcp-interface=eth1
no-dhcp-interface=eth2
# On systems which support it, dnsmasq binds the wildcard address,
# even when it is listening on only some interfaces. It then discards
# requests that it shouldn't reply to. This has the advantage of
# working even when interfaces come and go and change address. If you
# want dnsmasq to really bind only the interfaces it is listening on,
# uncomment this option. About the only time you may need this is when
# running another nameserver on the same machine.
bind-interfaces
# If you don't want dnsmasq to read /etc/hosts, uncomment the
# following line.
#no-hosts
# or if you want it to read another file, as well as /etc/hosts, use
# this.
#addn-hosts=/etc/banner_add_hosts
# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.
expand-hosts
# Set the domain for dnsmasq. this is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
# as the domain part matches this setting.
# 2) Sets the "domain" DHCP option thereby potentially setting the
# domain of all systems configured by DHCP
# 3) Provides the domain part for "expand-hosts"
#domain=foo.com
# Uncomment this to enable the integrated DHCP server, you need
# to supply the range of addresses available for lease and optionally
# a lease time. If you have more than one network, you will need to
# repeat this for each network on which you want to supply DHCP
# service.
dhcp-range=10.0.0.1,static
#dhcp-range=10.0.0.1,10.255.255.255
dhcp-hostsfile=/etc/dhcphosts.txt
# This is an example of a DHCP range where the netmask is given. This
# is needed for networks we reach the dnsmasq DHCP server via a relay
# agent. If you don't know what a DHCP relay agent is, you probably
# don't need to worry about this.
#dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
# This is an example of a DHCP range with a network-id, so that
# some DHCP options may be set only for this network.
#dhcp-range=red,192.168.0.50,192.168.0.150
# Supply parameters for specified hosts using DHCP. There are lots
# of valid alternatives, so we will give examples of each. Note that
# IP addresses DO NOT have to be in the range given above, they just
# need to be on the same network. The order of the parameters in these
# do not matter, it's permissble to give name,adddress and MAC in any order
# Always allocate the host with ethernet address 11:22:33:44:55:66
# The IP address 192.168.0.60
#dhcp-host=11:22:33:44:55:66,192.168.0.60
# Always set the name of the host with hardware address
# 11:22:33:44:55:66 to be "fred"
#dhcp-host=11:22:33:44:55:66,fred
# Always give the host with ethernet address 11:22:33:44:55:66
# the name fred and IP address 192.168.0.60 and lease time 45 minutes
#dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
# Give the machine which says it's name is "bert" IP address
# 192.168.0.70 and an infinite lease
#dhcp-host=bert,192.168.0.70,infinite
# Always give the host with client identifier 01:02:02:04
# the IP address 192.168.0.60
#dhcp-host=id:01:02:02:04,192.168.0.60
# Always give the host with client identifier "marjorie"
# the IP address 192.168.0.60
#dhcp-host=id:marjorie,192.168.0.60
# Enable the address given for "judge" in /etc/hosts
# to be given to a machine presenting the name "judge" when
# it asks for a DHCP lease.
#dhcp-host=judge
# Never offer DHCP service to a machine whose ethernet
# address is 11:22:33:44:55:66
#dhcp-host=11:22:33:44:55:66,ignore
# Ignore any client-id presented by the machine with ethernet
# address 11:22:33:44:55:66. This is useful to prevent a machine
# being treated differently when running under different OS's or
# between PXE boot and OS boot.
#dhcp-host=11:22:33:44:55:66,id:*
# Send extra options which are tagged as "red" to
# the machine with ethernet address 11:22:33:44:55:66
#dhcp-host=11:22:33:44:55:66,net:red
# Send extra options which are tagged as "red" to
# any machine with ethernet address starting 11:22:33:
#dhcp-host=11:22:33:*:*:*,net:red
# Ignore any clients which are specified in dhcp-host lines
# or /etc/ethers. Equivalent to ISC "deny unkown-clients".
# This relies on the special "known" tag which is set when
# a host is matched.
#dhcp-ignore=#known
# Send extra options which are tagged as "red" to any machine whose
# DHCP vendorclass string includes the substring "Linux"
#dhcp-vendorclass=red,Linux
# Send extra options which are tagged as "red" to any machine one
# of whose DHCP userclass strings includes the substring "accounts"
#dhcp-userclass=red,accounts
# Send extra options which are tagged as "red" to any machine whose
# MAC address matches the pattern.
#dhcp-mac=red,00:60:8C:*:*:*
# If this line is uncommented, dnsmasq will read /etc/ethers and act
# on the ethernet-address/IP pairs found there just as if they had
# been given as --dhcp-host options. Useful if you keep
# MAC-address/host mappings there for other purposes.
#read-ethers
# Send options to hosts which ask for a DHCP lease.
# See RFC 2132 for details of available options.
# Common options can be given to dnsmasq by name:
# run "dnsmasq --help dhcp" to get a list.
# Note that all the common settings, such as netmask and
# broadcast address, DNS server and default route, are given
# sane defaults by dnsmasq. You very likely will not need
# any dhcp-options. If you use Windows clients and Samba, there
# are some options which are recommended, they are detailed at the
# end of this section.
# Override the default route supplied by dnsmasq, which assumes the
# router is the same machine as the one running dnsmasq.
#dhcp-option=3,1.2.3.4
# Do the same thing, but using the option name
#dhcp-option=option:router,1.2.3.4
# Override the default route supplied by dnsmasq and send no default
# route at all. Note that this only works for the options sent by
# default (1, 3, 6, 12, 28) the same line will send a zero-length option
# for all other option numbers.
#dhcp-option=3
# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
# Set the NTP time server address to be the same machine as
# is running dnsmasq
#dhcp-option=42,0.0.0.0
# Set the NIS domain name to "welly"
#dhcp-option=40,welly
# Set the default time-to-live to 50
#dhcp-option=23,50
# Set the "all subnets are local" flag
#dhcp-option=27,1
# Set the domain
#dhcp-option=15,"foo.com"
# Send the etherboot magic flag and then etherboot options (a string).
#dhcp-option=128,e4:45:74:68:00:00
#dhcp-option=129,NIC=eepro100
# Specify an option which will only be sent to the "red" network
# (see dhcp-range for the declaration of the "red" network)
# Note that the net: part must precede the option: part.
#dhcp-option = net:red, option:ntp-server, 192.168.1.1
# The following DHCP options set up dnsmasq in the same way as is specified
# for the ISC dhcpcd in
# http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt
# adapted for a typical dnsmasq installation where the host running
# dnsmasq is also the host running samba.
# you may want to uncomment them if you use Windows clients and Samba.
#dhcp-option=19,0 # option ip-forwarding off
#dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
#dhcp-option=45,0.0.0.0 # netbios datagram distribution server
#dhcp-option=46,8 # netbios node type
#dhcp-option=47 # empty netbios scope.
# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
# probably doesn't support this......
#dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com
# Send RFC-3442 classless static routes (note the netmask encoding)
#dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
# Send vendor-class specific options encapsulated in DHCP option 43.
# The meaning of the options is defined by the vendor-class so
# options are sent only when the client supplied vendor class
# matches the class given here. (A substring match is OK, so "MSFT"
# matches "MSFT" and "MSFT 5.0"). This example sets the
# mtftp address to 0.0.0.0 for PXEClients.
#dhcp-option=vendor:PXEClient,1,0.0.0.0
# Send microsoft-specific option to tell windows to release the DHCP lease
# when it shuts down. Note the "i" flag, to tell dnsmasq to send the
# value as a four-byte integer - that's what microsoft wants. See
# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
dhcp-option=vendor:MSFT,2,1i
# Send the Encapsulated-vendor-class ID needed by some configurations of
# Etherboot to allow is to recognise the DHCP server.
#dhcp-option=vendor:Etherboot,60,"Etherboot"
# Send options to PXELinux. Note that we need to send the options even
# though they don't appear in the parameter request list, so we need
# to use dhcp-option-force here.
# See http://syslinux.zytor.com/pxe.php#special for details.
# Magic number - needed before anything else is recognised
#dhcp-option-force=208,f1:00:74:7e
# Configuration file name
#dhcp-option-force=209,configs/common
# Path prefix
#dhcp-option-force=210,/tftpboot/pxelinux/files/
# Reboot time. (Note 'i' to send 32-bit value)
#dhcp-option-force=211,30i
# Set the boot filename for BOOTP. You will only need
# this is you want to boot machines over the network and you will need
# a TFTP server; either dnsmasq's built in TFTP server or an
# external one. (See below for how to enable the TFTP server.)
#dhcp-boot=pxelinux.0
# Enable dnsmasq's built-in TFTP server
#enable-tftp
# Set the root directory for files availble via FTP.
#tftp-root=/var/ftpd
# Make the TFTP server more secure: with this set, only files owned by
# the user dnsmasq is running as will be send over the net.
#tftp-secure
# Set the boot file name only when the "red" tag is set.
#dhcp-boot=net:red,pxelinux.red-net
# An example of dhcp-boot with an external server: the name and IP
# address of the server are given after the filename.
#dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3
# Set the limit on DHCP leases, the default is 150
#dhcp-lease-max=150
# The DHCP server needs somewhere on disk to keep its lease database.
# This defaults to a sane location, but if you want to change it, use
# the line below.
#dhcp-leasefile=/var/lib/misc/dnsmasq.leases
leasefile-ro
# Set the DHCP server to authoritative mode. In this mode it will barge in
# and take over the lease for any client which broadcasts on the network,
# whether it has a record of the lease or not. This avoids long timeouts
# when a machine wakes up on a new network. DO NOT enable this if there's
# the slighest chance that you might end up accidentally configuring a DHCP
# server for your campus/company accidentally. The ISC server uses
# the same option, and this URL provides more information:
# http://www.isc.org/index.pl?/sw/dhcp/authoritative.php
#dhcp-authoritative
# Run an executable when a DHCP lease is created or destroyed.
# The arguments sent to the script are "add" or "del",
# then the MAC address, the IP address and finally the hostname
# if there is one.
#dhcp-script=/bin/echo
# Set the cachesize here.
#cache-size=150
# If you want to disable negative caching, uncomment this.
#no-negcache
# Normally responses which come form /etc/hosts and the DHCP lease
# file have Time-To-Live set as zero, which conventionally means
# do not cache further. If you are happy to trade lower load on the
# server for potentially stale date, you can set a time-to-live (in
# seconds) here.
#local-ttl=
# If you want dnsmasq to detect attempts by Verisign to send queries
# to unregistered .com and .net hosts to its sitefinder service and
# have dnsmasq instead return the correct NXDOMAIN response, uncomment
# this line. You can add similar lines to do the same for other
# registries which have implemented wildcard A records.
#bogus-nxdomain=64.94.110.11
# If you want to fix up DNS results from upstream servers, use the
# alias option. This only works for IPv4.
# This alias makes a result of 1.2.3.4 appear as 5.6.7.8
#alias=1.2.3.4,5.6.7.8
# and this maps 1.2.3.x to 5.6.7.x
#alias=1.2.3.0,5.6.7.0,255.255.255.0
# Change these lines if you want dnsmasq to serve MX records.
# Return an MX record named "maildomain.com" with target
# servermachine.com and preference 50
#mx-host=maildomain.com,servermachine.com,50
# Set the default target for MX records created using the localmx option.
#mx-target=servermachine.com
# Return an MX record pointing to the mx-target for all local
# machines.
#localmx
# Return an MX record pointing to itself for all local machines.
#selfmx
# Change the following lines if you want dnsmasq to serve SRV
# records. These are useful if you want to serve ldap requests for
# Active Directory and other windows-originated DNS requests.
# See RFC 2782.
# You may add multiple srv-host lines.
# The fields are <name>,<target>,<port>,<priority>,<weight>
# If the domain part if missing from the name (so that is just has the
# service and protocol sections) then the domain given by the domain=
# config option is used. (Note that expand-hosts does not need to be
# set for this to work.)
# A SRV record sending LDAP for the example.com domain to
# ldapserver.example.com port 289
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
# A SRV record sending LDAP for the example.com domain to
# ldapserver.example.com port 289 (using domain=)
###domain=example.com
#srv-host=_ldap._tcp,ldapserver.example.com,389
# Two SRV records for LDAP, each with different priorities
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
# A SRV record indicating that there is no LDAP server for the domain
# example.com
#srv-host=_ldap._tcp.example.com
# The following line shows how to make dnsmasq serve an arbitrary PTR
# record. This is useful for DNS-SD. (Note that the
# domain-name expansion done for SRV records _does_not
# occur for PTR records.)
#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
# Change the following lines to enable dnsmasq to serve TXT records.
# These are used for things like SPF and zeroconf. (Note that the
# domain-name expansion done for SRV records _does_not
# occur for TXT records.)
#Example SPF.
#txt-record=example.com,"v=spf1 a -all"
#Example zeroconf
#txt-record=_http._tcp.example.com,name=value,paper=A4
# For debugging purposes, log each DNS query as it passes through
# dnsmasq.
log-queries
# Log lots of extra information about DHCP transactions.
log-dhcp
log-facility=/var/log/dnsmasq.log
# Include a another lot of configuration options.
#conf-file=/etc/dnsmasq.more.conf
conf-dir=/etc/dnsmasq.d


@ -0,0 +1,26 @@
global
log 127.0.0.1:3914 local0 info
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
defaults
log global
mode tcp
option dontlognull
retries 3
option redispatch
option forwardfor
stats enable
stats uri /admin?stats
stats realm Haproxy\ Statistics
stats auth admin1:AdMiN123
option forceclose
timeout connect 5000
timeout client 50000
timeout server 50000
listen 0.0.0.0:9
option transparent
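Review bot: The `stats auth admin1:AdMiN123` line in `defaults` commits a fixed statistics credential that every system VM built from this template will share, and `stats enable` in `defaults` switches the page on for every proxy that inherits from it. I would drop the `stats` lines from the shipped template, or have provisioning substitute the credential, e.g. `stats auth @STATS_USER@:@STATS_PASSWORD@` (placeholder names, in the style of the `@VERSION@` token used elsewhere in this commit). Separately, `option forwardfor` is an HTTP-mode option; confirm it is intended under `mode tcp`.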

2
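--- a/patches/systemvm/etc/hosts
+++ b/patches/systemvm/etc/hosts
@@ -0,0 +1,2 @@
+# @VERSION@
+10.1.1.1 gateway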


@ -0,0 +1,7 @@
#!/bin/bash
# chkconfig: 345 98 02
# description: Web server that sends passwords to User VMs
# This file exists in /etc/init.d/ in the routing domain
# @VERSION@
bash /root/run_domr_webserver&


@ -0,0 +1,117 @@
#! /bin/bash
# chkconfig: 35 11 90
# description: pre-boot configuration using boot line parameters
# This file exists in /etc/init.d/
replace_in_file() {
local filename=$1
local keyname=$2
local value=$3
sed -i /$keyname=/d $filename
echo "$keyname=$value" >> $filename
return $?
}
setup_secstorage() {
public_ip=$ETH2_IP
sed -i /$NAME/d /etc/hosts
echo "$public_ip $NAME" >> /etc/hosts
[ -f /etc/httpd/conf/httpd.conf ] && sed -i -e "s/^Listen.*:80$/Listen $public_ip:80/" /etc/httpd/conf/httpd.conf
[ -f /etc/httpd/conf/httpd.conf ] && sed -i -e "s/^Listen.*:443$/Listen $public_ip:443/" /etc/httpd/conf/httpd.conf
}
setup_console_proxy() {
public_ip=$ETH2_IP
sed -i /$NAME/d /etc/hosts
echo "$public_ip $NAME" >> /etc/hosts
}
if [ -f /mnt/cmdline ]
then
CMDLINE=$(cat /mnt/cmdline)
else
CMDLINE=$(cat /proc/cmdline)
fi
TYPE="router"
BOOTPROTO="static"
for i in $CMDLINE
do
# search for foo=bar pattern and cut out foo
KEY=$(echo $i | cut -d= -f1)
VALUE=$(echo $i | cut -d= -f2)
case $KEY in
eth0ip)
ETH0_IP=$VALUE
;;
eth1ip)
ETH1_IP=$VALUE
;;
eth2ip)
ETH2_IP=$VALUE
;;
gateway)
GW=$VALUE
;;
eth0mask)
ETH0_MASK=$VALUE
;;
eth1mask)
ETH1_MASK=$VALUE
;;
eth2mask)
ETH2_MASK=$VALUE
;;
dns1)
NS1=$VALUE
;;
dns2)
NS2=$VALUE
;;
domain)
DOMAIN=$VALUE
;;
mgmtcidr)
MGMTNET=$VALUE
;;
localgw)
LOCAL_GW=$VALUE
;;
template)
TEMPLATE=$VALUE
;;
name)
NAME=$VALUE
;;
dhcprange)
DHCP_RANGE=$(echo $VALUE | tr ':' ',')
;;
bootproto)
BOOTPROTO=$VALUE
;;
type)
TYPE=$VALUE
;;
esac
done
if [ "$BOOTPROTO" == "static" ]
then
exit 0
fi
ETH1_IP=$(ifconfig eth1|grep 'inet addr:'|cut -d : -f 2|cut -d \ -f 1)
ETH2_IP=$(ifconfig eth2|grep 'inet addr:'|cut -d : -f 2|cut -d \ -f 1)
case $TYPE in
secstorage)
[ "$NAME" == "" ] && NAME=secstorage
setup_secstorage;
;;
consoleproxy)
[ "$NAME" == "" ] && NAME=consoleproxy
setup_console_proxy;
;;
esac
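Review bot: Boot-line values reach `sed` unquoted and unescaped in `setup_secstorage`, `setup_console_proxy` and `replace_in_file`: `sed -i /$NAME/d /etc/hosts` treats the `name=` value as a regular expression, so a name containing `.` or `/`, or one that is a substring of another entry, deletes unrelated lines or breaks the command. The parser also uses `cut -d= -f2`, which silently truncates any value that itself contains `=`. I would reject unexpected characters while parsing, e.g. for `name`: `case $VALUE in *[!A-Za-z0-9-]*) continue ;; esac`, and quote and anchor the pattern, e.g. `sed -i "/[[:space:]]$NAME\$/d" /etc/hosts`. The same construction recurs in the next init script in this commit (`replace_in_file`, and `setup_router`/`setup_dhcpsrvr`, where `$DOMAIN` is spliced into unquoted `sed` scripts).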


@ -0,0 +1,246 @@
#! /bin/bash
# chkconfig: 35 09 90
# description: pre-boot configuration using boot line parameters
# This file exists in /etc/init.d/
replace_in_file() {
local filename=$1
local keyname=$2
local value=$3
sed -i /$keyname=/d $filename
echo "$keyname=$value" >> $filename
return $?
}
setup_interface() {
local intfnum=$1
local ip=$2
local mask=$3
cfg=/etc/sysconfig/network-scripts/ifcfg-eth${intfnum}
if [ "$BOOTPROTO" == "dhcp" ]
then
if [ "$intfnum" != "0" ]
then
replace_in_file ${cfg} BOOTPROTO dhcp
replace_in_file ${cfg} ONBOOT Yes
sed -i /IPADDR/d ${cfg}
sed -i /NETMASK/d ${cfg}
return
fi
fi
replace_in_file ${cfg} IPADDR ${ip}
replace_in_file ${cfg} NETMASK ${mask}
if [ "$ip" == "0.0.0.0" ]
then
replace_in_file ${cfg} ONBOOT No
else
replace_in_file ${cfg} ONBOOT Yes
fi
}
setup_common() {
setup_interface "0" $ETH0_IP $ETH0_MASK
setup_interface "1" $ETH1_IP $ETH1_MASK
setup_interface "2" $ETH2_IP $ETH2_MASK
if [ "$BOOTPROTO" == "static" ]
then
replace_in_file /etc/sysconfig/network GATEWAY $GW
if [ -n "$ETH2_IP" -a "$ETH2_IP" != "0.0.0.0" ]
then
replace_in_file /etc/sysconfig/network GATEWAYDEV "eth2"
else
sed -i /GATEWAYDEV/d /etc/sysconfig/network
fi
else
sed -i /GATEWAY/d /etc/sysconfig/network
fi
replace_in_file /etc/sysconfig/network HOSTNAME $NAME
replace_in_file /etc/sysconfig/network NOZEROCONF yes
hostname $NAME
#Nameserver
if [ -n "$NS1" ]
then
echo "nameserver $NS1" > /etc/dnsmasq-resolv.conf
echo "nameserver $NS1" > /etc/resolv.conf
fi
if [ -n "$NS2" ]
then
echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf
echo "nameserver $NS2" >> /etc/resolv.conf
fi
if [[ -n "$MGMTNET" && -n "$LOCAL_GW" ]]
then
echo "$MGMTNET via $LOCAL_GW dev eth1" > /etc/sysconfig/network-scripts/route-eth1
fi
}
setup_router() {
setup_common
[ -z $DHCP_RANGE ] && DHCP_RANGE=$ETH0_IP
if [ -n "$DOMAIN" ]
then
#send domain name to dhcp clients
sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\"$DOMAIN\"/ /etc/dnsmasq.conf
#DNS server will append $DOMAIN to local queries
sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf
#answer all local domain queries
sed -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf
fi
sed -i -e "s/^dhcp-range=.*$/dhcp-range=$DHCP_RANGE,static/" /etc/dnsmasq.conf
sed -i -e "s/^[#]*listen-address=.*$/listen-address=$ETH0_IP/" /etc/dnsmasq.conf
sed -i /gateway/d /etc/hosts
echo "$ETH0_IP $NAME" >> /etc/hosts
[ -f /etc/httpd/conf/httpd.conf ] && sed -i -e "s/^Listen.*$/Listen $ETH0_IP:80/" /etc/httpd/conf/httpd.conf
[ -f /etc/httpd/conf.d/ssl.conf ] && mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.bak
[ -f /etc/ssh/sshd_config ] && sed -i -e "s/^[#]*ListenAddress.*$/ListenAddress $ETH1_IP/" /etc/ssh/sshd_config
}
setup_dhcpsrvr() {
setup_common
[ -z $DHCP_RANGE ] && DHCP_RANGE=$ETH0_IP
[ -z $DOMAIN ] && DOMAIN="cloudnine.internal"
if [ -n "$DOMAIN" ]
then
#send domain name to dhcp clients
sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\"$DOMAIN\"/ /etc/dnsmasq.conf
#DNS server will append $DOMAIN to local queries
sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf
#answer all local domain queries
sed -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf
fi
sed -i -e "s/^dhcp-range=.*$/dhcp-range=$DHCP_RANGE,static/" /etc/dnsmasq.conf
sed -i -e "s/^[#]*dhcp-option=option:router.*$/dhcp-option=option:router,$GW/" /etc/dnsmasq.conf
#for now set up ourself as the dns server as well
sed -i s/[#]*dhcp-option=6.*$/dhcp-option=6,\"$NS1\",\"$NS2\"/ /etc/dnsmasq.conf
sed -i /gateway/d /etc/hosts
echo "$ETH0_IP $NAME" >> /etc/hosts
[ -f /etc/httpd/conf/httpd.conf ] && sed -i -e "s/^Listen.*$/Listen $ETH0_IP:80/" /etc/httpd/conf/httpd.conf
[ -f /etc/httpd/conf.d/ssl.conf ] && mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.bak
[ -f /etc/ssh/sshd_config ] && sed -i -e "s/^[#]*ListenAddress.*$/ListenAddress $ETH1_IP/" /etc/ssh/sshd_config
}
setup_secstorage() {
setup_common
sed -i /gateway/d /etc/hosts
public_ip=$ETH2_IP
[ "$ETH2_IP" == "0.0.0.0" ] && public_ip=$ETH1_IP
echo "$public_ip $NAME" >> /etc/hosts
[ -f /etc/httpd/conf/httpd.conf ] && sed -i -e "s/^Listen.*:80$/Listen $public_ip:80/" /etc/httpd/conf/httpd.conf
[ -f /etc/httpd/conf/httpd.conf ] && sed -i -e "s/^Listen.*:443$/Listen $public_ip:443/" /etc/httpd/conf/httpd.conf
}
setup_console_proxy() {
setup_common
public_ip=$ETH2_IP
[ "$ETH2_IP" == "0.0.0.0" ] && public_ip=$ETH1_IP
sed -i /gateway/d /etc/hosts
echo "$public_ip $NAME" >> /etc/hosts
}
if [ -f /mnt/cmdline ]
then
CMDLINE=$(cat /mnt/cmdline)
else
CMDLINE=$(cat /proc/cmdline)
fi
if [ ! -d /root/.ssh ]
then
mkdir /root/.ssh
chmod 700 /root/.ssh
fi
if [ -f /mnt/id_rsa.pub ]
then
cat /mnt/id_rsa.pub > /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
fi
TYPE="router"
BOOTPROTO="static"
for i in $CMDLINE
do
# search for foo=bar pattern and cut out foo
KEY=$(echo $i | cut -d= -f1)
VALUE=$(echo $i | cut -d= -f2)
case $KEY in
eth0ip)
ETH0_IP=$VALUE
;;
eth1ip)
ETH1_IP=$VALUE
;;
eth2ip)
ETH2_IP=$VALUE
;;
gateway)
GW=$VALUE
;;
eth0mask)
ETH0_MASK=$VALUE
;;
eth1mask)
ETH1_MASK=$VALUE
;;
eth2mask)
ETH2_MASK=$VALUE
;;
dns1)
NS1=$VALUE
;;
dns2)
NS2=$VALUE
;;
domain)
DOMAIN=$VALUE
;;
mgmtcidr)
MGMTNET=$VALUE
;;
localgw)
LOCAL_GW=$VALUE
;;
template)
TEMPLATE=$VALUE
;;
name)
NAME=$VALUE
;;
dhcprange)
DHCP_RANGE=$(echo $VALUE | tr ':' ',')
;;
bootproto)
BOOTPROTO=$VALUE
;;
type)
TYPE=$VALUE
;;
esac
done
case $TYPE in
router)
[ "$NAME" == "" ] && NAME=router
setup_router
;;
dhcpsrvr)
[ "$NAME" == "" ] && NAME=dhcpsrvr
setup_dhcpsrvr
;;
secstorage)
[ "$NAME" == "" ] && NAME=secstorage
setup_secstorage;
;;
consoleproxy)
[ "$NAME" == "" ] && NAME=consoleproxy
setup_console_proxy;
;;
esac
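Review bot: `setup_router` and `setup_dhcpsrvr` rewrite `ListenAddress` in sshd_config from `$ETH1_IP` without checking that it is set; when the boot line omits `eth1ip` (for instance with `bootproto=dhcp`) the file ends up with an empty `ListenAddress`, which sshd is likely to reject at start-up — worth confirming on the target image. Prefixing the line with `[ -n "$ETH1_IP" ] &&` avoids writing the empty directive. The block that copies `/mnt/id_rsa.pub` over `/root/.ssh/authorized_keys` decides who can log in as root, so it deserves a comment stating where that file comes from and what is expected when it is absent.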

140
patches/systemvm/etc/init.d/vmops Executable file

@ -0,0 +1,140 @@
#!/bin/bash
#
# vmops Script to start and stop VMOps console proxy in domR/domP.
#
# Author: Chiradeep Vittal <chiradeep@vmops.com>
# chkconfig: 2345 99 01
# description: Start up the VMOps agent
#
# This file exists in /etc/init.d/ in the domR/DomP
# with a software link /etc/rc.d/rc3.d/S99vmops pointed to it
#
# @VERSION@
if [ -f /mnt/cmdline ]
then
CMDLINE=$(cat /mnt/cmdline)
else
CMDLINE=$(cat /proc/cmdline)
fi
TEMPLATE="domR"
for i in $CMDLINE
do
# search for foo=bar pattern and cut out foo
FIRSTPATTERN=$(echo $i | cut -d= -f1)
case $FIRSTPATTERN in
template)
TEMPLATE=$(echo $i | cut -d= -f2)
;;
esac
done
# Source function library.
if [ -f /etc/init.d/functions ]
then
. /etc/init.d/functions
fi
_success() {
if [ -f /etc/init.d/functions ]
then
success
else
echo "Success"
fi
}
_failure() {
if [ -f /etc/init.d/functions ]
then
failure
else
echo "Failed"
fi
}
RETVAL=$?
VMOPS_HOME="/usr/local/vmops"
# mkdir -p /var/log/vmops
get_pids() {
local i
for i in $(ps -ef| grep java | grep -v grep | awk '{print $2}');
do
echo $(pwdx $i) | grep "$VMOPS_HOME" | grep -i console | awk -F: '{print $1}';
done
}
start() {
if [ "$TEMPLATE" == "domP" ];
then
local pid=$(get_pids)
echo -n "Starting VMOps Console Proxy: "
if [ -f $VMOPS_HOME/consoleproxy/run.sh ];
then
if [ "$pid" == "" ]
then
if [ ! -d /var/log/vmops ]
then
mkdir -p /var/log/vmops
fi
if [ ! -f /var/log/vmops/vmops.out ]
then
touch /var/log/vmops/vmops.out
fi
(cd $VMOPS_HOME/consoleproxy; nohup ./run.sh > /var/log/vmops/vmops.out 2>&1 & )
pid=$(get_pids)
echo $pid > /var/run/vmops.pid
fi
_success
else
_failure
fi
echo
fi
}
stop() {
if [ "$TEMPLATE" == "domP" ];
then
local pid
echo -n "Stopping VMOps agent: "
for pid in $(get_pids)
do
kill $pid
done
_success
echo
fi
}
status() {
if [ "$TEMPLATE" == "domP" ];
then
local pids=$(get_pids)
if [ "$pids" == "" ]
then
echo "VMOps agent is not running"
return 1
fi
echo "VMOps agent is running: process id: $pids"
fi
return 0
}
case "$1" in
start) start
;;
stop) stop
;;
status) status
;;
restart) stop
start
;;
*) echo $"Usage: $0 {start|stop|status|restart}"
exit 1
;;
esac
exit $RETVAL
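Review bot: `RETVAL=$?` is assigned once, right after the helper definitions, so the final `exit $RETVAL` reports the status of that earlier point rather than of `start`, `stop` or `status`; `status` returns 1 when nothing is running, yet the script still exits with the stale value. Capturing the result in each branch fixes it, e.g. `status) status; RETVAL=$? ;;`. In `start`, `echo $pid > /var/run/vmops.pid` runs immediately after the background launch, so `get_pids` may not see the Java process yet and an empty pid file can be written.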

10
patches/systemvm/etc/rc.local Executable file

@ -0,0 +1,10 @@
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
# @VERSION@
touch /var/lock/subsys/local
ethtool -K eth0 tx off
ethtool -K eth1 tx off


@ -0,0 +1,128 @@
# $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
Port 3922
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
UsePAM yes
# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
# no default banner path
#Banner /some/path
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
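Review bot: `PermitRootLogin yes` and `X11Forwarding yes` are broader than this appliance configuration appears to need. Password and challenge-response authentication are already off, so `PermitRootLogin without-password` states the intent explicitly and keeps root key-only even if `PasswordAuthentication` is re-enabled later; `X11Forwarding no` removes a forwarding channel a headless system VM is unlikely to use. `GSSAPIAuthentication yes` is also left on with no Kerberos setup visible in this commit — confirm it is wanted.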


@ -0,0 +1,20 @@
# Generated by iptables-save v1.3.8 on Thu Oct 1 18:16:05 2009
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 3922 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 8001 -j ACCEPT
-A INPUT -i eth2 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -i eth2 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
COMMIT
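Review bot: `-A INPUT -p icmp -j ACCEPT` has no interface or type match, so every ICMP type is accepted on eth2 (the interface the boot scripts treat as public) as well as on the internal ones; the two rule files added after this one carry the same line. ICMP errors belonging to existing flows are already covered by the `RELATED,ESTABLISHED` rules, so this could be narrowed to `-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT` (rate chosen as an example). A header comment naming which system-VM type each rule file is meant for would also help, since none of the three says so.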


@ -0,0 +1,24 @@
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i eth1 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW --dport 80 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth2 -j ACCEPT
-A FORWARD -i eth2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT


@ -0,0 +1,20 @@
# Generated by iptables-save v1.3.8 on Thu Oct 1 18:16:05 2009
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:HTTP - [0:0]
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth2 -p tcp -m state --state NEW -m tcp --dport 80 -j HTTP
-A INPUT -i eth2 -p tcp -m state --state NEW -m tcp --dport 80 -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
COMMIT


@ -0,0 +1,33 @@
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# @VERSION@
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Respect local interface in ARP interactions
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 2
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
net.netfilter.nf_conntrack_max=65536
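Review bot: `rp_filter` and `accept_source_route` are set only under `net.ipv4.conf.default`, which seeds interfaces created later; nothing sets the `all` entries, although the ARP settings just below are written for both `default` and `all`. For a VM that forwards packets (`net.ipv4.ip_forward = 1`) I would add `net.ipv4.conf.all.rp_filter = 1` and `net.ipv4.conf.all.accept_source_route = 0` so the policy does not depend on when each interface appears. If the console proxy and secondary storage VMs receive this same file, consider enabling `ip_forward` only on the router type.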


@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3VD1tGRDn3stlJvPNXmQZdQCNjqcfY+xlitd5q0n3KYqJ5OBrty3/00XBUdLt31TbQ4dv+GR7uEr+ex7rm0jjmTFKV4rHYPi882CuC5+bkBp5R4k+mpcyKbxb+IoNS9ItbiExQxMiiRQpHvNem0GGnNFO3lElRPwUFs8evTvZu5HcTj4k4RJLJ66jeIGJ3sMAJ03SICGwfEZjrsyeOMwJk7cH8WNeuNzxzoZd9v02eI0lHdK9O5z7FwrxvRBbzsmJ0EwuhbH8pR7WR6kGLTNP9KEwtrnzV1LYWd+rFoSeh6ImExG7fma3Ldydg8CPTQsjvCEQUxiuV1/x5am5VJlUw== root@r-6-TEST
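Review bot: This commits a fixed public key (comment `root@r-6-TEST`) into the system VM patch set; if the file is installed as root's `authorized_keys`, the holder of the matching private key can log in as root on any VM where the boot script finds no `/mnt/id_rsa.pub` to overwrite it. The file's path is not visible in this view, so confirm where it lands. I would ship no default key and have the init script fail closed, e.g. `[ -f /mnt/id_rsa.pub ] || : > /root/.ssh/authorized_keys`.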


@ -0,0 +1,22 @@
#!/usr/bin/env bash
# clearUsageRules.sh - remove iptable rules for removed public interfaces
#
#
# @VERSION@
# if removedVifs file doesn't exist, no rules to be cleared
if [ -f /root/removedVifs ]
then
var=`cat /root/removedVifs`
# loop through even vif to be cleared
for i in $var; do
# Make sure vif doesn't exist
if [ ! -f /sys/class/net/$i ]
then
# remove rules
iptables -D NETWORK_STATS -i eth0 -o $i > /dev/null;
iptables -D NETWORK_STATS -i $i -o eth0 > /dev/null;
fi
done
rm /root/removedVifs
fi
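Review bot: The existence check `[ ! -f /sys/class/net/$i ]` is always true, because entries under /sys/class/net are directories (or symlinks to them), never regular files, so the rules are deleted even for interfaces that still exist. `[ ! -e "/sys/class/net/$i" ]` tests what the comment above it describes. The `iptables -D` calls redirect only stdout, so errors for rules that are already gone still reach the caller; `2>/dev/null` may be what was meant.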


@ -0,0 +1,50 @@
#!/usr/bin/env bash
# edithosts.sh -- edit the dhcphosts file on the routing domain
# $1 : the mac address
# $2 : the associated ip address
# $3 : the hostname
wait_for_dnsmasq () {
local _pid=$(/sbin/pidof dnsmasq)
for i in 0 1 2 3 4 5 6 7 8 9 10
do
sleep 1
_pid=$(/sbin/pidof dnsmasq)
[ "$_pid" != "" ] && break;
done
[ "$_pid" != "" ] && return 0;
echo "edithosts: timed out waiting for dnsmasq to start"
return 1
}
#delete any previous entries from the dhcp hosts file
sed -i /$1/d /etc/dhcphosts.txt
sed -i /$2,/d /etc/dhcphosts.txt
sed -i /$3,/d /etc/dhcphosts.txt
#put in the new entry
echo "$1,$2,$3,infinite" >>/etc/dhcphosts.txt
#delete leases to supplied mac and ip addresses
sed -i /$1/d /var/lib/misc/dnsmasq.leases
sed -i /"$2 "/d /var/lib/misc/dnsmasq.leases
sed -i /"$3 "/d /var/lib/misc/dnsmasq.leases
#put in the new entry
echo "0 $1 $2 $3 *" >> /var/lib/misc/dnsmasq.leases
#edit hosts file as well
sed -i /"$2 "/d /etc/hosts
sed -i /"$3"/d /etc/hosts
echo "$2 $3" >> /etc/hosts
# make dnsmasq re-read files
pid=$(/sbin/pidof dnsmasq)
if [ "$pid" != "" ]
then
service dnsmasq restart
else
wait_for_dnsmasq
fi
exit $?
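Review bot: The cleanup `sed` calls match the arguments as unanchored regular expressions, so `sed -i /"$3"/d /etc/hosts` for a host named `vm1` also removes the line for `vm10`, and the dots in `$2` match any character; the script also proceeds with fewer than three arguments, in which case the patterns degenerate. I would check `[ $# -eq 3 ] || exit 1` first and anchor each pattern to its field, e.g. `sed -i "/[[:space:]]$3\$/d" /etc/hosts`. `wait_for_dnsmasq` only waits for the process to appear, so its role in making dnsmasq read the new entry deserves a comment.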

204
patches/systemvm/root/firewall.sh Executable file

@ -0,0 +1,204 @@
#!/usr/bin/env bash
# $Id: firewall.sh 9947 2010-06-25 19:34:24Z manuel $ $HeadURL: svn://svn.lab.vmops.com/repos/vmdev/java/patches/xenserver/root/firewall.sh $
# firewall.sh -- allow some ports / protocols to vm instances
#
#
# @VERSION@
usage() {
printf "Usage: %s: (-A|-D) -i <domR eth1 ip> -r <target-instance-ip> -P protocol (-p port_range | -t icmp_type_code) -l <public ip address> -d <target port> [-f <firewall ip> -u <firewall user> -y <firewall password> -z <firewall enable password> ] \n" $(basename $0) >&2
}
set -x
get_dom0_ip () {
eval "$1=$(ifconfig eth0 | awk '/inet addr/ {split ($2,A,":"); print A[2]}')"
return 0
}
#Add the tcp firewall entries into iptables in the routing domain
tcp_entry() {
local instIp=$1
local dport=$2
local pubIp=$3
local port=$4
local op=$5
for vif in $VIF_LIST; do
iptables -t nat $op PREROUTING --proto tcp -i $vif -d $pubIp --destination-port $port -j DNAT --to-destination $instIp:$dport >/dev/null;
done;
iptables -t nat $op OUTPUT --proto tcp -d $pubIp --destination-port $port -j DNAT --to-destination $instIp:$dport >/dev/null;
iptables $op FORWARD -p tcp -s 0/0 -d $instIp -m state --state ESTABLISHED,RELATED -j ACCEPT > /dev/null;
iptables $op FORWARD -p tcp -s 0/0 -d $instIp --destination-port $dport --syn -j ACCEPT > /dev/null;
return $?
}
#Add the udp firewall entries into iptables in the routing domain
udp_entry() {
local instIp=$1
local dport=$2
local pubIp=$3
local port=$4
local op=$5
for vif in $VIF_LIST; do
iptables -t nat $op PREROUTING --proto udp -i $vif -d $pubIp --destination-port $port -j DNAT --to-destination $instIp:$dport >/dev/null;
done;
iptables -t nat $op OUTPUT --proto udp -d $pubIp --destination-port $port -j DNAT --to-destination $instIp:$dport >/dev/null;
iptables $op FORWARD -p udp -s 0/0 -d $instIp --destination-port $dport -j ACCEPT > /dev/null;
return $?
}
#Add the icmp firewall entries into iptables in the routing domain
icmp_entry() {
local instIp=$1
local icmptype=$2
local pubIp=$3
local op=$4
for vif in $VIF_LIST; do
iptables -t nat $op PREROUTING --proto icmp -i $vif -d $pubIp --icmp-type $icmptype -j DNAT --to-destination $instIp >/dev/null;
done;
iptables -t nat $op OUTPUT --proto icmp -d $pubIp --icmp-type $icmptype -j DNAT --to-destination $instIp:$dport >/dev/null;
iptables $op FORWARD -p icmp -s 0/0 -d $instIp --icmp-type $icmptype -j ACCEPT > /dev/null;
return $?
}
get_vif_list() {
local vif_list=""
for i in /sys/class/net/eth*; do
vif=$(basename $i);
if [ "$vif" != "eth0" ] && [ "$vif" != "eth1" ]
then
vif_list="$vif_list $vif";
fi
done
echo $vif_list
}
reverse_op() {
local op=$1
if [ "$op" == "-A" ]
then
echo "-D"
else
echo "-A"
fi
}
rflag=
iflag=
Pflag=
pflag=
tflag=
lflag=
dflag=
oflag=
wflag=
xflag=
nflag=
Nflag=
op=""
oldPrivateIP=""
oldPrivatePort=""
while getopts 'ADr:i:P:p:t:l:d:w:x:n:N:' OPTION
do
case $OPTION in
A) Aflag=1
op="-A"
;;
D) Dflag=1
op="-D"
;;
i) iflag=1
domRIp="$OPTARG"
;;
r) rflag=1
instanceIp="$OPTARG"
;;
P) Pflag=1
protocol="$OPTARG"
;;
p) pflag=1
ports="$OPTARG"
;;
t) tflag=1
icmptype="$OPTARG"
;;
l) lflag=1
publicIp="$OPTARG"
;;
d) dflag=1
dport="$OPTARG"
;;
w) wflag=1
oldPrivateIP="$OPTARG"
;;
x) xflag=1
oldPrivatePort="$OPTARG"
;;
n) nflag=1
domRName="$OPTARG"
;;
N) Nflag=1
netmask="$OPTARG"
;;
?) usage
exit 2
;;
esac
done
reverseOp=$(reverse_op $op)
VIF_LIST=$(get_vif_list)
case $protocol in
"tcp")
# If oldPrivateIP was passed in, this is an update. Delete the old rule from DomR.
if [ "$oldPrivateIP" != "" ]
then
tcp_entry $oldPrivateIP $oldPrivatePort $publicIp $ports "-D"
fi
# Add/delete the new rule
tcp_entry $instanceIp $dport $publicIp $ports $op
exit $?
;;
"udp")
# If oldPrivateIP was passed in, this is an update. Delete the old rule from DomR.
if [ "$oldPrivateIP" != "" ]
then
udp_entry $oldPrivateIP $oldPrivatePort $publicIp $ports "-D"
fi
# Add/delete the new rule
udp_entry $instanceIp $dport $publicIp $ports $op
exit $?
;;
"icmp")
# If oldPrivateIP was passed in, this is an update. Delete the old rule from DomR.
if [ "$oldPrivateIP" != "" ]
then
icmp_entry $oldPrivateIp $icmptype $publicIp "-D"
fi
# Add/delete the new rule
icmp_entry $instanceIp $icmptype $publicIp $op
exit $?
;;
*)
printf "Invalid protocol-- must be tcp, udp or icmp\n" >&2
exit 5
;;
esac
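Review bot: In the `icmp` branch the update path calls `icmp_entry $oldPrivateIp ...`, but the variable set by `-w` is `oldPrivateIP`, so the first argument expands to nothing and the remaining ones shift left, which deletes a rule other than the intended one or fails. It should read `icmp_entry $oldPrivateIP $icmptype $publicIp "-D"`. In `icmp_entry` the OUTPUT rule uses `--to-destination $instIp:$dport`, which picks up the global `dport` although a port has no meaning for ICMP; `--to-destination $instIp` would match the PREROUTING rule above it. `set -x` near the top is left enabled, and the usage text lists `-f -u -y -z`, which the `getopts` string does not accept.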


@ -0,0 +1,167 @@
#!/usr/bin/env bash
# $Id: loadbalancer.sh 9947 2010-06-25 19:34:24Z manuel $ $HeadURL: svn://svn.lab.vmops.com/repos/vmdev/java/patches/xenserver/root/loadbalancer.sh $
# loadbalancer.sh -- reconfigure loadbalancer rules
#
#
# @VERSION@
usage() {
printf "Usage: %s: -i <domR eth1 ip> -a <added public ip address> -d <removed> -f <load balancer config> \n" $(basename $0) >&2
}
# set -x
# check if gateway domain is up and running
check_gw() {
ping -c 1 -n -q $1 > /dev/null
if [ $? -gt 0 ]
then
sleep 1
ping -c 1 -n -q $1 > /dev/null
fi
return $?;
}
# firewall entry to ensure that haproxy can receive on specified port
fw_entry() {
local added=$1
local removed=$2
if [ "$added" == "none" ]
then
added=""
fi
if [ "$removed" == "none" ]
then
removed=""
fi
local a=$(echo $added | cut -d, -f1- --output-delimiter=" ")
local r=$(echo $removed | cut -d, -f1- --output-delimiter=" ")
for i in $a
do
local pubIp=$(echo $i | cut -d: -f1)
local dport=$(echo $i | cut -d: -f2)
for vif in $VIF_LIST; do
iptables -D INPUT -i $vif -p tcp -d $pubIp --dport $dport -j ACCEPT 2> /dev/null
iptables -A INPUT -i $vif -p tcp -d $pubIp --dport $dport -j ACCEPT
if [ $? -gt 0 ]
then
return 1
fi
done
done
for i in $r
do
local pubIp=$(echo $i | cut -d: -f1)
local dport=$(echo $i | cut -d: -f2)
for vif in $VIF_LIST; do
iptables -D INPUT -i $vif -p tcp -d $pubIp --dport $dport -j ACCEPT
done
done
return 0
}
#Hot reconfigure HA Proxy in the routing domain
reconfig_lb() {
/root/reconfigLB.sh
return $?
}
# Restore the HA Proxy to its previous state, and revert iptables rules on DomR
restore_lb() {
# Copy the old version of haproxy.cfg into the file that reconfigLB.sh uses
cp /etc/haproxy/haproxy.cfg.old /etc/haproxy/haproxy.cfg.new
if [ $? -eq 0 ]
then
# Run reconfigLB.sh again
/root/reconfigLB.sh
fi
}
get_vif_list() {
local vif_list=""
for i in /sys/class/net/eth*; do
vif=$(basename $i);
if [ "$vif" != "eth0" ] && [ "$vif" != "eth1" ]
then
vif_list="$vif_list $vif";
fi
done
echo $vif_list
}
mflag=
iflag=
aflag=
dflag=
fflag=
while getopts 'i:a:d:f:' OPTION
do
case $OPTION in
i) iflag=1
domRIp="$OPTARG"
;;
a) aflag=1
addedIps="$OPTARG"
;;
d) dflag=1
removedIps="$OPTARG"
;;
f) fflag=1
cfgfile="$OPTARG"
;;
?) usage
exit 2
;;
esac
done
VIF_LIST=$(get_vif_list)
# hot reconfigure haproxy
reconfig_lb $cfgfile
if [ $? -gt 0 ]
then
printf "Reconfiguring loadbalancer failed\n"
exit 1
fi
if [ "$addedIps" == "" ]
then
addedIps="none"
fi
if [ "$removedIps" == "" ]
then
removedIps="none"
fi
# iptables entry to ensure that haproxy receives traffic
fw_entry $addedIps $removedIps
if [ $? -gt 0 ]
then
# Restore the LB
restore_lb
# Revert iptables rules on DomR, with addedIps and removedIps swapped
fw_entry $removedIps $addedIps
exit 1
fi
exit 0
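Review bot: The `-f <load balancer config>` argument is parsed into `cfgfile` and passed as `reconfig_lb $cfgfile`, but `reconfig_lb` never reads `$1` and simply runs `/root/reconfigLB.sh`, which expects `/etc/haproxy/haproxy.cfg.new` to be in place already. Either install the file inside `reconfig_lb` (`cp "$1" /etc/haproxy/haproxy.cfg.new || return 1`) or document that the caller must place it there and drop the option. In `fw_entry`, `$pubIp` and `$dport` come straight from `-a`/`-d` and are used unquoted in the `iptables` calls; a format check on each `ip:port` pair before the loops would keep malformed input out of the rule set.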


@ -0,0 +1,116 @@
#/bin/bash
# $Id: patchsystemvm.sh 10800 2010-07-16 13:48:39Z edison $ $HeadURL: svn://svn.lab.vmops.com/repos/branches/2.1.x/java/scripts/vm/hypervisor/xenserver/prepsystemvm.sh $
#set -x
logfile="/var/log/patchsystemvm.log"
#
# To use existing console proxy .zip-based package file
#
patch_console_proxy() {
local patchfile=$1
rm /usr/local/cloud/systemvm -rf
mkdir -p /usr/local/cloud/systemvm
echo "All" | unzip $patchfile -d /usr/local/cloud/systemvm >$logfile 2>&1
find /usr/local/cloud/systemvm/ -name \*.sh | xargs chmod 555
return 0
}
consoleproxy_svcs() {
chkconfig cloud on
chkconfig postinit on
chkconfig domr_webserver off
chkconfig haproxy off ;
chkconfig dnsmasq off
chkconfig sshd on
chkconfig httpd off
chkconfig nfs off
chkconfig nfslock off
chkconfig rpcbind off
chkconfig rpcidmap off
cp /etc/sysconfig/iptables-consoleproxy /etc/sysconfig/iptables
mkdir -p /var/log/cloud
}
secstorage_svcs() {
chkconfig cloud on
chkconfig postinit on
chkconfig domr_webserver off
chkconfig haproxy off ;
chkconfig dnsmasq off
chkconfig sshd on
chkconfig httpd off
cp /etc/sysconfig/iptables-secstorage /etc/sysconfig/iptables
scp 169.254.0.1:/usr/sbin/vhd-util /usr/sbin
mkdir -p /var/log/cloud
}
routing_svcs() {
chkconfig cloud off
chkconfig domr_webserver on ;
chkconfig haproxy on ;
chkconfig dnsmasq on
chkconfig sshd on
chkconfig nfs off
chkconfig nfslock off
chkconfig rpcbind off
chkconfig rpcidmap off
cp /etc/sysconfig/iptables-domr /etc/sysconfig/iptables
}
CMDLINE=$(cat /proc/cmdline)
TYPE="router"
for i in $CMDLINE
do
# search for foo=bar pattern and cut out foo
KEY=$(echo $i | cut -d= -f1)
VALUE=$(echo $i | cut -d= -f2)
case $KEY in
type)
TYPE=$VALUE
;;
*)
;;
esac
done
if [ "$TYPE" = "consoleproxy" ] || [ "$TYPE" = "secstorage" ] && [ -f /media/cdrom/systemvm.zip ]
then
patch_console_proxy /media/cdrom/systemvm.zip
if [ $? -gt 0 ]
then
printf "Failed to apply patch systemvm\n" >$logfile
exit 5
fi
fi
#empty known hosts
echo "" > /root/.ssh/known_hosts
if [ "$TYPE" = "consoleproxy" ]
then
consoleproxy_svcs
if [ $? -gt 0 ]
then
printf "Failed to execute consoleproxy_svcs\n" >$logfile
exit 6
fi
elif [ "$TYPE" = "secstorage" ]
then
secstorage_svcs
if [ $? -gt 0 ]
then
printf "Failed to execute secstorage_svcs\n" >$logfile
exit 7
fi
else
routing_svcs
if [ $? -gt 0 ]
then
printf "Failed to execute routing_svcs\n" >$logfile
exit 8
fi
fi
exit $?
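Review bot: `secstorage_svcs` copies a binary into /usr/sbin with `scp 169.254.0.1:/usr/sbin/vhd-util /usr/sbin`, while the main flow empties `/root/.ssh/known_hosts` just before calling it, so no host key is pinned for that transfer and its exit status is never checked. If the copy is needed, check its result and verify the file (for example against a checksum shipped with the patch) before relying on it. The first line is `#/bin/bash`, which is a plain comment; it should be `#!/bin/bash`. Each failure message is written with `>$logfile`, which truncates the unzip output logged earlier; `>>$logfile` keeps it.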


@ -0,0 +1,25 @@
#!/bin/bash
# $Id: reconfigLB.sh 9947 2010-06-25 19:34:24Z manuel $ $HeadURL: svn://svn.lab.vmops.com/repos/vmdev/java/patches/kvm/root/reconfigLB.sh $
# @VERSION@
# save previous state
mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.old
mv /var/run/haproxy.pid /var/run/haproxy.pid.old
mv /etc/haproxy/haproxy.cfg.new /etc/haproxy/haproxy.cfg
kill -TTOU $(cat /var/run/haproxy.pid.old)
sleep 2
if haproxy -D -p /var/run/haproxy.pid -f /etc/haproxy/haproxy.cfg; then
echo "New haproxy instance successfully loaded, stopping previous one."
kill -KILL $(cat /var/run/haproxy.pid.old)
rm -f /var/run/haproxy.pid.old
exit 0
else
echo "New instance failed to start, resuming previous one."
kill -TTIN $(cat /var/run/haproxy.pid.old)
rm -f /var/run/haproxy.pid
mv /var/run/haproxy.pid.old /var/run/haproxy.pid
mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.new
mv /etc/haproxy/haproxy.cfg.old /etc/haproxy/haproxy.cfg
exit 1
fi
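Review bot: None of the `mv` steps or pid-file reads is checked, so on a first run or after a crash, when /var/run/haproxy.pid is missing, `kill -TTOU $(cat /var/run/haproxy.pid.old)` runs with no pid, and the later `kill` calls likewise. A guard such as `[ -s /var/run/haproxy.pid.old ] && kill -TTOU $(cat /var/run/haproxy.pid.old)` keeps the normal path intact. The same applies when `haproxy.cfg.new` is absent: the live config is moved aside before the script finds there is nothing to load, so `[ -f /etc/haproxy/haproxy.cfg.new ] || exit 1` at the top would be safer.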


@ -0,0 +1,17 @@
#!/bin/bash
# @VERSION@
guestIp=$(ifconfig eth0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')
while true
do
/usr/bin/socat TCP4-LISTEN:8080,reuseaddr,crnl,bind=$guestIp SYSTEM:"/root/send_password_to_domu.sh \"\$SOCAT_PEERADDR\""
rc=$?
if [ $rc -ne 0 ]
then
logger "Socat failed with error code $rc. Restarting socat..."
sleep 3
fi
done


@ -0,0 +1,75 @@
#!/bin/bash
# $Id: send_password_to_domu.sh 9947 2010-06-25 19:34:24Z manuel $ $HeadURL: svn://svn.lab.vmops.com/repos/vmdev/java/patches/kvm/root/send_password_to_domu.sh $
# @VERSION@
# set -x
#replace a line in a file of the form key=value
# $1 filename
# $2 keyname
# $3 value
replace_in_file() {
local filename=$1
local keyname=$2
local value=$3
sed -i /$keyname=/d $filename
echo "$keyname=$value" >> $filename
return $?
}
#get a value from a file in the form key=value
# $1 filename
# $2 keyname
get_value() {
local filename=$1
local keyname=$2
grep -i $keyname= $filename | cut -d= -f2
}
ip=$1
logger "send_password_to_domu called to service a request for $ip."
while read input
do
if [ "$input" == "" ]
then
break
fi
request=$(echo $input | grep "DomU_Request:" | cut -d: -f2 | sed 's/^[ \t]*//')
if [ "$request" != "" ]
then
break
fi
done
# echo -e \"\\\"HTTP/1.0 200 OK\\\nDocumentType: text/plain\\\n\\\n\\\"\";
if [ "$request" == "send_my_password" ]
then
password=$(get_value /root/passwords $ip)
if [ "$password" == "" ]
then
logger "send_password_to_domu sent bad_request to $ip."
echo "bad_request"
else
logger "send_password_to_domu sent a password to $ip."
echo $password
fi
else
if [ "$request" == "saved_password" ]
then
replace_in_file /root/passwords $ip "saved_password"
logger "send_password_to_domu sent saved_password to $ip."
echo "saved_password"
else
logger "send_password_to_domu sent bad_request to $ip."
echo "bad_request"
fi
fi
# echo -e \"\\\"\\\n\\\"\"
exit 0
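Review bot: `get_value` looks the requesting address up with `grep -i $keyname= $filename`, an unanchored regular expression, so a request from 10.1.1.1 also matches the entry for 110.1.1.1 (constructed example; the dots match any character too) and the caller can receive another VM's password line; `replace_in_file` deletes with the same loose pattern. An exact key comparison avoids this, e.g. `awk -F= -v k="$keyname" '$1 == k { print substr($0, length(k) + 2) }' "$filename"`, which also preserves passwords that contain `=`. The service identifies the guest only by its source address over plain TCP; a comment recording that assumption about the guest network would help later reviewers.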


@ -0,0 +1,4 @@
Options +FollowSymLinks
Options -Indexes
RewriteEngine On


@ -0,0 +1 @@
Options -Indexes


@ -0,0 +1 @@
Options -Indexes