cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From h...@apache.org
Subject [13/19] Move the system vm to a separate maven project.
Date Fri, 20 Sep 2013 10:33:05 GMT
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6c261042/patches/systemvm/debian/config/root/firewall.sh
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/root/firewall.sh b/patches/systemvm/debian/config/root/firewall.sh
deleted file mode 100755
index 5615360..0000000
--- a/patches/systemvm/debian/config/root/firewall.sh
+++ /dev/null
@@ -1,357 +0,0 @@
-#!/usr/bin/env bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-# $Id: firewall.sh 9947 2010-06-25 19:34:24Z manuel $ $HeadURL: svn://svn.lab.vmops.com/repos/vmdev/java/patches/xenserver/root/firewall.sh $
-# firewall.sh -- allow some ports / protocols to vm instances
-# @VERSION@
-
-source /root/func.sh
-
-lock="biglock"
-locked=$(getLockFile $lock)
-if [ "$locked" != "1" ]
-then
-    exit 1
-fi
-
-vpnoutmark="0x525"
-
-usage() {
-  printf "Usage: %s: (-A|-D)   -r <target-instance-ip> -P protocol (-p port_range | -t icmp_type_code)  -l <public ip address> -d <target port> -s <source cidrs> [-G]   \n" $(basename $0) >&2
-}
-
-#set -x
-
-get_dev_list() {
-  ip link show | grep -e eth[2-9] | awk -F ":" '{print $2}'
-  ip link show | grep -e eth1[0-9] | awk -F ":" '{print $2}'
-}
-
-ip_to_dev() {
-  local ip=$1
-
-  for dev in $DEV_LIST; do
-    ip addr show dev $dev | grep inet | grep $ip &>> /dev/null
-    [ $? -eq 0 ] && echo $dev && return 0
-  done
-  return 1
-}
-
-doHairpinNat () {
-  local vrGuestIPNetwork=$(sudo ip addr show dev eth0 | grep inet | grep eth0 | awk '{print $2}' | head -1)
-  local vrGuestIP=$(echo $vrGuestIPNetwork | awk -F'/' '{print $1}')
-
-  local publicIp=$1
-  local prot=$2
-  local port=$3
-  local guestVmIp=$4
-  local guestPort=$(echo $5 | sed 's/:/-/')
-  local op=$6
-  logger -t cloud "$(basename $0): create HairPin entry : public ip=$publicIp \
-  instance ip=$guestVmIp proto=$proto portRange=$guestPort op=$op"
-
-  if [ "$prot" == "all" ]
-	then
-  		logger -t cloud "creating hairpin nat rules for static nat" 
-  		(sudo iptables -t nat $op PREROUTING -d $publicIp -i eth0 -j DNAT --to-destination $guestVmIp &>> $OUTFILE || [ "$op" == "-D" ]) &&
-  		(sudo iptables -t nat $op POSTROUTING -s $vrGuestIPNetwork -d $guestVmIp -j SNAT -o eth0 --to-source $vrGuestIP &>> $OUTFILE || [ "$op" == "-D" ])
-	else
-  		(sudo iptables -t nat $op PREROUTING -d $publicIp -i eth0 -p $prot --dport $port -j DNAT --to-destination $guestVmIp:$guestPort &>> $OUTFILE || [ "$op" == "-D" ]) &&
-  		(sudo iptables -t nat $op POSTROUTING -s $vrGuestIPNetwork -p $prot --dport $port -d $guestVmIp -j SNAT -o eth0 --to-source $vrGuestIP &>> $OUTFILE || [ "$op" == "-D" ])
-	fi
-}
-
-#Port (address translation) forwarding for tcp or udp
-tcp_or_udp_entry() {
-  local instIp=$1
-  local dport0=$2
-  local dport=$(echo $2 | sed 's/:/-/')
-  local publicIp=$3
-  local port=$4
-  local op=$5
-  local proto=$6
-  local cidrs=$7
-
-  logger -t cloud "$(basename $0): creating port fwd entry for PAT: public ip=$publicIp \
-  instance ip=$instIp proto=$proto port=$port dport=$dport op=$op"
-
-  #if adding, this might be a duplicate, so delete the old one first
-  [ "$op" == "-A" ] && tcp_or_udp_entry $instIp $dport0 $publicIp $port "-D" $proto $cidrs
-  # the delete operation may have errored out but the only possible reason is 
-  # that the rules didn't exist in the first place
-  local dev=$(ip_to_dev $publicIp)
-  local tableNo=$(echo $dev | awk -F'eth' '{print $2}')
-  # shortcircuit the process if error and it is an append operation
-  # continue if it is delete
-  (sudo iptables -t nat $op PREROUTING --proto $proto -i $dev -d $publicIp \
-           --destination-port $port -j DNAT  \
-           --to-destination $instIp:$dport &>> $OUTFILE || [ "$op" == "-D" ]) &&
-  (sudo iptables -t mangle $op PREROUTING --proto $proto -i $dev -d $publicIp \
-           --destination-port $port -j MARK --set-mark $tableNo &>> $OUTFILE || [ "$op" == "-D" ]) && 
-  (sudo iptables -t mangle $op PREROUTING --proto $proto -i $dev -d $publicIp \
-           --destination-port $port -m state --state NEW -j CONNMARK --save-mark &>> $OUTFILE || [ "$op" == "-D" ]) &&
-  (doHairpinNat $publicIp $proto $port $instIp $dport0 $op) &&
-  (sudo iptables -t nat $op OUTPUT  --proto $proto -d $publicIp  \
-           --destination-port $port -j DNAT  \
-           --to-destination $instIp:$dport &>> $OUTFILE || [ "$op" == "-D" ]) &&
-  (sudo iptables $op FORWARD -p $proto -s $cidrs -d $instIp -m state \
-           --state ESTABLISHED,RELATED -m comment --comment "$publicIp:$port" -j ACCEPT &>>  $OUTFILE || [ "$op" == "-D" ]) &&
-  (sudo iptables $op FORWARD -p $proto -s $cidrs -d $instIp  \
-           --destination-port $dport0 -m state --state NEW -m comment --comment "$publicIp:$port" -j ACCEPT &>>  $OUTFILE)
-      
-
-  local result=$?
-  logger -t cloud "$(basename $0): done port fwd entry for PAT: public ip=$publicIp op=$op result=$result"
-  return $result
-}
-
-
-#Forward icmp
-icmp_entry() {
-  local instIp=$1
-  local icmptype=$2
-  local publicIp=$3
-  local op=$4
-  
-  logger -t cloud "$(basename $0): creating port fwd entry for PAT: public ip=$publicIp \
-  instance ip=$instIp proto=icmp port=$port dport=$dport op=$op"
-  #if adding, this might be a duplicate, so delete the old one first
-  [ "$op" == "-A" ] && icmp_entry $instIp $icmpType $publicIp "-D" 
-  # the delete operation may have errored out but the only possible reason is 
-  # that the rules didn't exist in the first place
-  local dev=$(ip_to_dev $publicIp)
-  sudo iptables -t nat $op PREROUTING --proto icmp -i $dev -d $publicIp --icmp-type $icmptype -j DNAT --to-destination $instIp &>>  $OUTFILE
-       
-  sudo iptables -t nat $op OUTPUT  --proto icmp -d $publicIp --icmp-type $icmptype -j DNAT --to-destination $instIp &>>  $OUTFILE
-  sudo iptables $op FORWARD -p icmp -s 0/0 -d $instIp --icmp-type $icmptype  -j ACCEPT &>>  $OUTFILE
-      
-  result=$?
-  logger -t cloud "$(basename $0): done port fwd entry for PAT: public ip=$publicIp op=$op result=$result"
-  return $result
-}
-
-
-
-one_to_one_fw_entry() {
-  local publicIp=$1
-  local instIp=$2  
-  local proto=$3
-  local portRange=$4 
-  local op=$5
-  logger -t cloud "$(basename $0): create firewall entry for static nat: public ip=$publicIp \
-  instance ip=$instIp proto=$proto portRange=$portRange op=$op"
-
-  #if adding, this might be a duplicate, so delete the old one first
-  [ "$op" == "-A" ] && one_to_one_fw_entry $publicIp $instIp $proto $portRange "-D" 
-  # the delete operation may have errored out but the only possible reason is 
-  # that the rules didn't exist in the first place
-
-  local dev=$(ip_to_dev $publicIp)
-  [ $? -ne 0 ] && echo "Could not find device associated with $publicIp" && return 1
-
-  # shortcircuit the process if error and it is an append operation
-  # continue if it is delete
-  (sudo iptables -t nat $op  PREROUTING -i $dev -d $publicIp --proto $proto \
-           --destination-port $portRange -j DNAT \
-           --to-destination $instIp &>>  $OUTFILE || [ "$op" == "-D" ]) &&
-  (doHairpinNat $publicIp $proto $portRange $instIp $portRange $op) &&
-  (sudo iptables $op FORWARD -i $dev -o eth0 -d $instIp --proto $proto \
-           --destination-port $portRange -m state \
-           --state NEW -j ACCEPT &>>  $OUTFILE )
-
-  result=$?
-  logger -t cloud "$(basename $0): done firewall entry public ip=$publicIp op=$op result=$result"
-  return $result
-}
-
-fw_chain_for_ip() {
-  local pubIp=$1
-  if  iptables -t mangle -N FIREWALL_$pubIp &> /dev/null
-  then
-    logger -t cloud "$(basename $0): created a firewall chain for $pubIp"
-    (sudo iptables -t mangle -A FIREWALL_$pubIp -j DROP) &&
-    (sudo iptables -t mangle -I FIREWALL_$pubIp -m state --state RELATED,ESTABLISHED -j ACCEPT ) &&
-    (sudo iptables -t mangle -I PREROUTING 2 -d $pubIp -j FIREWALL_$pubIp)
-    return $?
-  fi
-  logger -t cloud "fw chain for $pubIp already exists"
-  return 0
-}
-
-static_nat() {
-  local publicIp=$1
-  local instIp=$2  
-  local op=$3
-  local op2="-D"
-  local rulenum=
-  local proto="all"
-
-  logger -t cloud "$(basename $0): static nat: public ip=$publicIp \
-  instance ip=$instIp  op=$op"
-  
-  #TODO check error below
-  fw_chain_for_ip $publicIp
-
-  #if adding, this might be a duplicate, so delete the old one first
-  [ "$op" == "-A" ] && static_nat $publicIp $instIp  "-D" 
-  # the delete operation may have errored out but the only possible reason is 
-  # that the rules didn't exist in the first place
-  [ "$op" == "-A" ] && op2="-I"
-  if [ "$op" == "-A" ]
-  then
-    # put static nat rule one rule after VPN no-NAT rule
-    # rule chain can be used to improve it later
-    iptables-save -t nat|grep "POSTROUTING" | grep $vpnoutmark > /dev/null
-    if [ $? -eq 0 ]
-    then
-      rulenum=2
-    else
-      rulenum=1
-    fi
-  fi
-
-  local dev=$(ip_to_dev $publicIp)
-  [ $? -ne 0 ] && echo "Could not find device associated with $publicIp" && return 1
-  local tableNo=$(echo $dev | awk -F'eth' '{print $2}')
-
-  # shortcircuit the process if error and it is an append operation
-  # continue if it is delete
-  (sudo iptables -t mangle $op PREROUTING -i $dev -d $publicIp \
-           -j MARK -m state --state NEW --set-mark $tableNo &>>  $OUTFILE || [ "$op" == "-D" ]) &&
-  (sudo iptables -t mangle $op PREROUTING -i $dev -d $publicIp \
-           -m state --state NEW -j CONNMARK --save-mark &>>  $OUTFILE || [ "$op" == "-D" ]) &&
-  (sudo iptables -t mangle $op  PREROUTING -s $instIp -i eth0  \
-           -j MARK -m state --state NEW --set-mark $tableNo &>>  $OUTFILE || [ "$op" == "-D" ]) &&
-  (sudo iptables -t mangle $op PREROUTING -s $instIp -i eth0  \
-           -m state --state NEW -j CONNMARK --save-mark &>>  $OUTFILE || [ "$op" == "-D" ]) &&
-  (sudo iptables -t nat $op  PREROUTING -i $dev -d $publicIp -j DNAT \
-           --to-destination $instIp &>>  $OUTFILE || [ "$op" == "-D" ]) &&
-  (sudo iptables $op FORWARD -i $dev -o eth0 -d $instIp  -m state \
-           --state NEW -j ACCEPT &>>  $OUTFILE || [ "$op" == "-D" ]) &&
-  (sudo iptables -t nat $op2 POSTROUTING $rulenum -s $instIp -j SNAT \
-           -o $dev --to-source $publicIp &>> $OUTFILE || [ "$op" == "-D" ]) &&
-  (doHairpinNat $publicIp $proto "all" $instIp "0:65535" $op)
-
-  result=$?
-  logger -t cloud "$(basename $0): done static nat entry public ip=$publicIp op=$op result=$result"
-  return $result
-}
-
-
-
-rflag=
-Pflag=
-pflag=
-tflag=
-lflag=
-dflag=
-sflag=
-Gflag=
-op=""
-
-while getopts 'ADr:P:p:t:l:d:s:G' OPTION
-do
-  case $OPTION in
-  A)    op="-A"
-        ;;
-  D)    op="-D"
-        ;;
-  r)    rflag=1
-        instanceIp="$OPTARG"
-        ;;
-  P)    Pflag=1
-        protocol="$OPTARG"
-        ;;
-  p)    pflag=1
-        ports="$OPTARG"
-        ;;
-  t)    tflag=1
-        icmptype="$OPTARG"
-        ;;
-  l)    lflag=1
-        publicIp="$OPTARG"
-        ;;
-  s)    sflag=1
-        cidrs="$OPTARG"
-        ;;
-  d)    dflag=1
-        dport="$OPTARG"
-        ;;
-  G)    Gflag=1
-        ;;
-  ?)    usage
-        unlock_exit 2 $lock $locked
-        ;;
-  esac
-done
-
-DEV_LIST=$(get_dev_list)
-OUTFILE=$(mktemp)
-
-#Firewall ports for one-to-one/static NAT
-if [ "$Gflag" == "1" ]
-then
-  if [ "$protocol" == "" ] 
-  then
-    static_nat $publicIp $instanceIp  $op
-  else
-    one_to_one_fw_entry $publicIp $instanceIp  $protocol $dport $op
-  fi
-  result=$?
-  if [ "$result" -ne 0 ] && [ "$op" != "-D" ]; then
-      cat $OUTFILE >&2
-  fi
-  rm -f $OUTFILE
-  if [ "$op" == "-D" ];then
-     result=0
-  fi
-  unlock_exit $result $lock $locked
-fi
-
-if [ "$sflag" != "1" ]
-then
-    cidrs="0/0"
-fi
-
-case $protocol  in
-  tcp|udp)    
-        tcp_or_udp_entry $instanceIp $dport $publicIp $ports $op $protocol $cidrs
-        result=$?
-        if [ "$result" -ne 0 ] && [ "$op" != "-D" ];then
-           cat $OUTFILE >&2
-        fi
-        rm -f $OUTFILE
-        if [ "$op" == "-D" ];then
-           result=0
-        fi
-        unlock_exit $result $lock $locked
-        ;;
-  "icmp")  
-  
-        icmp_entry $instanceIp $icmptype $publicIp $op 
-        if [ "$op" == "-D" ];then
-           result=0
-        fi
-        unlock_exit $? $lock $locked
-        ;;
-      *)
-        printf "Invalid protocol-- must be tcp, udp or icmp\n" >&2
-        unlock_exit 5 $lock $locked
-        ;;
-esac
-
-unlock_exit 0 $lock $locked

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6c261042/patches/systemvm/debian/config/root/firewallRule_egress.sh
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/root/firewallRule_egress.sh b/patches/systemvm/debian/config/root/firewallRule_egress.sh
deleted file mode 100755
index b1e7a40..0000000
--- a/patches/systemvm/debian/config/root/firewallRule_egress.sh
+++ /dev/null
@@ -1,187 +0,0 @@
-#!/usr/bin/env bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-# $Id: firewallRule_egress.sh 9947 2013-01-17 19:34:24Z manuel $ $HeadURL: svn://svn.lab.vmops.com/repos/vmdev/java/patches/xenserver/root/firewallRule_egress.sh $
-# firewallRule_egress.sh -- allow some ports / protocols from vm instances
-# @VERSION@
-
-source /root/func.sh
-
-lock="biglock"
-locked=$(getLockFile $lock)
-if [ "$locked" != "1" ]
-then
-    exit 1
-fi
-#set -x
-usage() {
-  printf "Usage: %s:  -a protocol:startport:endport:sourcecidrs>  \n" $(basename $0) >&2
-  printf "sourcecidrs format:  cidr1-cidr2-cidr3-...\n"
-}
-
-fw_egress_remove_backup() {
-  sudo iptables -D FW_OUTBOUND -j _FW_EGRESS_RULES 
-  sudo iptables -F _FW_EGRESS_RULES 
-  sudo iptables -X _FW_EGRESS_RULES 
-}
-
-fw_egress_save() {
-  sudo iptables -E FW_EGRESS_RULES _FW_EGRESS_RULES 
-}
-
-fw_egress_chain () {
-#supress errors 2>/dev/null
-  fw_egress_remove_backup
-  fw_egress_save
-  sudo iptables -N FW_EGRESS_RULES 
-  sudo iptables -A FW_OUTBOUND -j FW_EGRESS_RULES
-}
-
-fw_egress_backup_restore() {
-   sudo iptables -A FW_OUTBOUND -j FW_EGRESS_RULES
-   sudo iptables -E _FW_EGRESS_RULES FW_EGRESS_RULES 
-   fw_egress_remove_backup
-}
-
-
-fw_entry_for_egress() {
-  local rule=$1
-
-  local prot=$(echo $rule | cut -d: -f2)
-  local sport=$(echo $rule | cut -d: -f3)
-  local eport=$(echo $rule | cut -d: -f4)
-  local cidrs=$(echo $rule | cut -d: -f5 | sed 's/-/ /g')
-  if [ "$sport" == "0" -a "$eport" == "0" ]
-  then
-      DPORT=""
-  else
-      DPORT="--dport $sport:$eport"
-  fi
-  logger -t cloud "$(basename $0): enter apply fw egress rules for guest $prot:$sport:$eport:$cidrs"  
-  
-  for lcidr in $cidrs
-  do
-    [ "$prot" == "reverted" ] && continue;
-    if [ "$prot" == "icmp" ]
-    then
-      typecode="$sport/$eport"
-      [ "$eport" == "-1" ] && typecode="$sport"
-      [ "$sport" == "-1" ] && typecode="any"
-      sudo iptables -A FW_EGRESS_RULES -p $prot -s $lcidr --icmp-type $typecode \
-                     -j $target
-      result=$?
-    elif [ "$prot" == "all" ]
-    then
-	    sudo iptables -A FW_EGRESS_RULES -p $prot -s $lcidr -j $target
-	    result=$?
-    else
-	    sudo iptables -A FW_EGRESS_RULES -p $prot -s $lcidr  $DPORT -j $target
-	    result=$?
-    fi
-  
-    [ $result -gt 0 ] && 
-       logger -t cloud "Error adding iptables entry for guest network $prot:$sport:$eport:$cidrs" &&
-       break
-  done
-
-  logger -t cloud "$(basename $0): exit apply egress firewall rules for guest network"  
-  return $result
-}
-
-
-aflag=0
-rules=""
-rules_list=""
-ip=""
-dev=""
-pflag=0
-shift
-shift
-while getopts 'a:P:' OPTION
-do
-  case $OPTION in
-  a)	aflag=1
-		rules="$OPTARG"
-		;;
-  P)   pflag=1
-       pvalue="$OPTARG"
-       ;;
-  ?)	usage
-                unlock_exit 2 $lock $locked
-		;;
-  esac
-done
-
-if [ "$aflag" != "1" ]
-then
-  usage
-  unlock_exit 2 $lock $locked
-fi
-
-if [ -n "$rules" ]
-then
-  rules_list=$(echo $rules | cut -d, -f1- --output-delimiter=" ")
-fi
-
-# rule format
-# protocal:sport:eport:cidr
-#-a tcp:80:80:0.0.0.0/0::tcp:220:220:0.0.0.0/0:,tcp:222:222:192.168.10.0/24-75.57.23.0/22-88.100.33.1/32
-#    if any entry is reverted , entry will be in the format reverted:0:0:0
-# example : tcp:80:80:0.0.0.0/0:, tcp:220:220:0.0.0.0/0:,200.1.1.2:reverted:0:0:0 
-
-success=0
-
-if [ "$pvalue" == "0" -o "$pvalue" == "2" ]
-  then
-     target="ACCEPT"
-  else
-     target="DROP"
-  fi
-
-fw_egress_chain
-for r in $rules_list
-do
-  fw_entry_for_egress $r
-  success=$?
-  if [ $success -gt 0 ]
-  then
-    logger -t cloud "failure to apply fw egress rules "
-    break
-  else
-    logger -t cloud "successful in applying fw egress rules"
-  fi
-done
-
-if [ $success -gt 0 ]
-then
-  logger -t cloud "restoring from backup for guest network"
-  fw_egress_backup_restore
-else
-  logger -t cloud "deleting backup for guest network"
-    if [ "$pvalue" == "1" -o "$pvalue" == "2" ]
-       then
-       #Adding default policy rule
-       sudo iptables -A FW_EGRESS_RULES  -j ACCEPT
-    fi
-
-fi
-
-fw_egress_remove_backup
-
-unlock_exit $success $lock $locked
-
-

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6c261042/patches/systemvm/debian/config/root/firewall_rule.sh
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/root/firewall_rule.sh b/patches/systemvm/debian/config/root/firewall_rule.sh
deleted file mode 100755
index 9e459f0..0000000
--- a/patches/systemvm/debian/config/root/firewall_rule.sh
+++ /dev/null
@@ -1,202 +0,0 @@
-#!/usr/bin/env bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-# firewall_rule.sh -- allow some ports / protocols to vm instances
-# @VERSION@
-
-source /root/func.sh
-
-lock="biglock"
-locked=$(getLockFile $lock)
-if [ "$locked" != "1" ]
-then
-    exit 1
-fi
-
-usage() {
-  printf "Usage: %s:  -a <public ip address:protocol:startport:endport:sourcecidrs>  \n" $(basename $0) >&2
-  printf "sourcecidrs format:  cidr1-cidr2-cidr3-...\n"
-}
-#set -x
-#FIXME: eating up the error code during execution of iptables
-fw_remove_backup() {
-  local pubIp=$1
-  sudo iptables -t mangle -F _FIREWALL_$pubIp 2> /dev/null
-  sudo iptables -t mangle -D PREROUTING  -d $pubIp -j _FIREWALL_$pubIp  2> /dev/null
-  sudo iptables -t mangle -X _FIREWALL_$pubIp 2> /dev/null
-}
-
-fw_restore() {
-  local pubIp=$1
-  sudo iptables -t mangle -F FIREWALL_$pubIp 2> /dev/null
-  sudo iptables -t mangle -D PREROUTING  -d $pubIp  -j FIREWALL_$pubIp  2> /dev/null
-  sudo iptables -t mangle -X FIREWALL_$pubIp 2> /dev/null
-  sudo iptables -t mangle -E _FIREWALL_$pubIp FIREWALL_$pubIp 2> /dev/null
-}
-
-fw_chain_for_ip () {
-  local pubIp=$1
-  fw_remove_backup $1
-  sudo iptables -t mangle -E FIREWALL_$pubIp _FIREWALL_$pubIp 2> /dev/null
-  sudo iptables -t mangle -N FIREWALL_$pubIp 2> /dev/null
-  # drop if no rules match (this will be the last rule in the chain)
-  sudo iptables -t mangle -A FIREWALL_$pubIp -j DROP> /dev/null
-  # ensure outgoing connections are maintained (first rule in chain)
-  sudo iptables -t mangle -I FIREWALL_$pubIp -m state --state RELATED,ESTABLISHED -j ACCEPT> /dev/null
-  #ensure that this table is after VPN chain
-  sudo iptables -t mangle -I PREROUTING 2 -d $pubIp -j FIREWALL_$pubIp
-  success=$?
-  if [ $success -gt 0 ]
-  then
-  # if VPN chain is not present for various reasons, try to add in to the first slot */
-     sudo iptables -t mangle -I PREROUTING -d $pubIp -j FIREWALL_$pubIp
-  fi
-}
-
-fw_entry_for_public_ip() {
-  local rules=$1
-
-  local pubIp=$(echo $rules | cut -d: -f1)
-  local prot=$(echo $rules | cut -d: -f2)
-  local sport=$(echo $rules | cut -d: -f3)    
-  local eport=$(echo $rules | cut -d: -f4)    
-  local scidrs=$(echo $rules | cut -d: -f5 | sed 's/-/ /g')
-  
-  logger -t cloud "$(basename $0): enter apply firewall rules for public ip $pubIp:$prot:$sport:$eport:$scidrs"  
-
-
-  # note that rules are inserted after the RELATED,ESTABLISHED rule 
-  # but before the DROP rule
-  for src in $scidrs
-  do
-    [ "$prot" == "reverted" ] && continue;
-    if [ "$prot" == "icmp" ]
-    then
-      typecode="$sport/$eport"
-      [ "$eport" == "-1" ] && typecode="$sport"
-      [ "$sport" == "-1" ] && typecode="any"
-      sudo iptables -t mangle -I FIREWALL_$pubIp 2 -s $src -p $prot \
-                    --icmp-type $typecode  -j RETURN
-    else
-       sudo iptables -t mangle -I FIREWALL_$pubIp 2 -s $src -p $prot \
-                    --dport $sport:$eport -j RETURN
-    fi
-    result=$?
-    [ $result -gt 0 ] && 
-       logger -t cloud "Error adding iptables entry for $pubIp:$prot:$sport:$eport:$src" &&
-       break
-  done
-      
-  logger -t cloud "$(basename $0): exit apply firewall rules for public ip $pubIp"  
-  return $result
-}
-
-get_vif_list() {
-  local vif_list=""
-  for i in /sys/class/net/eth*; do 
-    vif=$(basename $i);
-    if [ "$vif" != "eth0" ] && [ "$vif" != "eth1" ]
-    then
-      vif_list="$vif_list $vif";
-    fi
-  done
-  if [ "$vif_list" == "" ]
-  then
-      vif_list="eth0"
-  fi
-  
-  logger -t cloud "FirewallRule public interfaces = $vif_list"
-  echo $vif_list
-}
-
-shift 
-rules=
-while getopts 'a:' OPTION
-do
-  case $OPTION in
-  a)	aflag=1
-		rules="$OPTARG"
-		;;
-  ?)	usage
-                unlock_exit 2 $lock $locked
-		;;
-  esac
-done
-
-VIF_LIST=$(get_vif_list)
-
-if [ "$rules" == "" ]
-then
-  rules="none"
-fi
-
-#-a 172.16.92.44:tcp:80:80:0.0.0.0/0:,172.16.92.44:tcp:220:220:0.0.0.0/0:,172.16.92.44:tcp:222:222:192.168.10.0/24-75.57.23.0/22-88.100.33.1/32
-#    if any entry is reverted , entry will be in the format <ip>:reverted:0:0:0
-# example : 172.16.92.44:tcp:80:80:0.0.0.0/0:,172.16.92.44:tcp:220:220:0.0.0.0/0:,200.1.1.2:reverted:0:0:0 
-# The reverted entries will fix the following partially 
-#FIXME: rule leak: when there are multiple ip address, there will chance that entry will be left over if the ipadress  does not appear in the current execution when compare to old one 
-# example :  In the below first transaction have 2 ip's whereas in second transaction it having one ip, so after the second trasaction 200.1.2.3 ip will have rules in mangle table.
-#  1)  -a 172.16.92.44:tcp:80:80:0.0.0.0/0:,200.16.92.44:tcp:220:220:0.0.0.0/0:,
-#  2)  -a 172.16.92.44:tcp:80:80:0.0.0.0/0:,172.16.92.44:tcp:220:220:0.0.0.0/0:,
-
-
-success=0
-publicIps=
-rules_list=$(echo $rules | cut -d, -f1- --output-delimiter=" ")
-for r in $rules_list
-do
-  pubIp=$(echo $r | cut -d: -f1)
-  publicIps="$pubIp $publicIps"
-done
-
-unique_ips=$(echo $publicIps| tr " " "\n" | sort | uniq | tr "\n" " ")
-
-for u in $unique_ips
-do
-  fw_chain_for_ip $u
-done
-
-for r in $rules_list
-do
-  pubIp=$(echo $r | cut -d: -f1)
-  fw_entry_for_public_ip $r
-  success=$?
-  if [ $success -gt 0 ]
-  then
-    logger -t cloud "$(basename $0): failure to apply fw rules for ip $pubIp"
-    break
-  else
-    logger -t cloud "$(basename $0): successful in applying fw rules for ip $pubIp"
-  fi
-done
-
-if [ $success -gt 0 ]
-then
-    for p in $unique_ips
-    do
-      logger -t cloud "$(basename $0): restoring from backup for ip: $p"
-      fw_restore $p
-    done
-fi 
-for p in $unique_ips
-do
-   logger -t cloud "$(basename $0): deleting backup for ip: $p"
-   fw_remove_backup $p
-done
-
-unlock_exit $success $lock $locked
-

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6c261042/patches/systemvm/debian/config/root/func.sh
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/root/func.sh b/patches/systemvm/debian/config/root/func.sh
deleted file mode 100644
index 1796345..0000000
--- a/patches/systemvm/debian/config/root/func.sh
+++ /dev/null
@@ -1,143 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-# Only one lock is allowed: biglock
-
-# getLockFile() parameters
-# $1 lock filename
-# $2 timeout seconds
-
-#set -x
-
-getCurrLock() {
-    result=`ls $__LOCKDIR/*-$1.lock 2>/dev/null | head -n1`
-    while [ $? -ne 0 ]
-    do
-        result=`ls $__LOCKDIR/*-$1.lock 2>/dev/null| head -n1`
-    done
-    echo $result
-}
-
-getLockFile() {
-    lock=$1
-
-    __locked=0
-    __TS=`date +%s%N`
-    __LOCKDIR="/tmp"
-    __LOCKFILE="$__LOCKDIR/$__TS-$$-$lock.lock"
-
-    if [ $2 ]
-    then
-        __TIMEOUT=$2
-    else
-        __TIMEOUT=30
-    fi
-
-    if [ -e $__LOCKFILE ]
-    then
-        logger -t cloud "Process $0 pid $$ want to get ECLUSIVE LOCK $lock RECURSIVELY!"
-        psline=`ps u $$`
-        logger -t cloud "Failed job detail: $psline"
-        echo 0
-        return
-    fi
-
-    psline=`ps u $$`
-    echo $psline > $__LOCKFILE
-    if [ ! -e $__LOCKFILE ]
-    then
-        return
-    fi
-
-    for i in `seq 1 $(($__TIMEOUT * 10))`
-    do
-        currlock=$(getCurrLock $lock)
-        if [ $currlock -ef $__LOCKFILE ]
-        then
-            __locked=1
-            break
-        fi
-
-        sleep 0.1
-        if [ $((i % 10)) -eq 0 ]
-        then
-            logger -t cloud "Process $0 pid $$ waiting for the lock $lock for another 1 second"
-        fi
-    done
-    if [ $__locked -ne 1 ]
-    then
-        logger -t cloud "fail to acquire the lock $lock for process $0 pid $$ after $__TIMEOUT seconds time out!"
-        cmd=`cat $currlock 2>/dev/null`
-        if [ $? -eq 0 ]
-        then
-            logger -t cloud "waiting for process: $cmd"
-        else
-            logger -t cloud "didn't get info about process who we're waiting for"
-        fi
-        psline=`ps u $$`
-        logger -t cloud "Failed job detail: $psline"
-        rm $__LOCKFILE
-    fi
-    echo $__locked
-}
-
-# releaseLockFile() parameters
-# $1 lock filename
-# $2 locked(1) or not(0)
-releaseLockFile() {
-    __LOCKDIR="/tmp"
-    __LOCKFILE="$__LOCKDIR/*-$$-$1.lock"
-    __locked=$2
-    if [ "$__locked" == "1" ]
-    then
-        rm $__LOCKFILE
-    fi
-}
-
-# releaseLockFile() parameters
-# $1 exit value
-# $2 lock filename
-# $3 locked(1) or not(0)
-unlock_exit() {
-    releaseLockFile $2 $3
-    exit $1
-}
-
-# calcuate the ip & network mask
-rangecalc(){
-    local IFS='.'
-    local -a oct mask ip
-
-    read -ra oct <<<"$1"
-    read -ra mask <<<"$2"
-    for i in {0..3}
-    do
-        ip+=( "$(( oct[i] & mask[i] ))" )
-    done
-    echo "${ip[*]}"
-}
-
-#get cidr of the nic
-getcidr(){
-    local dev=$1
-    local mask=`ifconfig $dev|grep "Mask"|cut -d ":" -f 4`
-    local cidrsize=`ip addr show $dev|grep inet|head -n 1|awk '{print $2}'|cut -d '/' -f 2`
-    local ipaddr=`ip addr show $dev|grep inet|head -n 1|awk '{print $2}'|cut -d '/' -f 1`
-    local base=$(rangecalc $ipaddr $mask)
-    echo $base/$cidrsize
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6c261042/patches/systemvm/debian/config/root/loadbalancer.sh
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/root/loadbalancer.sh b/patches/systemvm/debian/config/root/loadbalancer.sh
deleted file mode 100755
index 2c7f77a..0000000
--- a/patches/systemvm/debian/config/root/loadbalancer.sh
+++ /dev/null
@@ -1,320 +0,0 @@
-#!/usr/bin/env bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
- 
-
-# $Id: loadbalancer.sh 9947 2010-06-25 19:34:24Z manuel $ $HeadURL: svn://svn.lab.vmops.com/repos/vmdev/java/patches/xenserver/root/loadbalancer.sh $
-# loadbalancer.sh -- reconfigure loadbalancer rules
-# @VERSION@
-
-source /root/func.sh
-
-lock="biglock"
-locked=$(getLockFile $lock)
-if [ "$locked" != "1" ]
-then
-    exit 1
-fi
-
-usage() {
-  printf "Usage: %s:  -i <domR eth1 ip>  -a <added public ip address ip:port> -d <removed ip:port> -f <load balancer config> -s <stats ip ip:port:cidr>  \n" $(basename $0) >&2
-}
-
-# set -x
-
-# ensure that the nic has the public ip we are load balancing on
-ip_entry() {
-  local added=$1
-  local removed=$2
-  
-  if [ "$added" == "none" ]
-  then
-  	added=""
-  fi
-  
-  if [ "$removed" == "none" ]
-  then
-  	removed=""
-  fi
-  
-  local a=$(echo $added | cut -d, -f1- --output-delimiter=" ")
-  local r=$(echo $removed | cut -d, -f1- --output-delimiter=" ")
-  
-  for i in $a
-  do
-    local pubIp=$(echo $i | cut -d: -f1)
-    logger -t cloud "Adding  public ip $pubIp for load balancing"  
-    for vif in $VIF_LIST; do 
-      sudo ip addr add dev $vif $pubIp/32
-      #ignore error since it is because the ip is already there
-    done      
-  done
-
-  for i in $r
-  do
-    logger -t cloud "Removing  public ips for deleted loadbalancers"  
-    local pubIp=$(echo $i | cut -d: -f1)
-    logger -t cloud "Removing  public ip $pubIp for deleted loadbalancers"  
-    for vif in $VIF_LIST; do 
-      sudo ip addr del $pubIp/32 dev $vif 
-    done
-  done
-  
-  return 0
-}
-get_lb_vif_list() {
-# add eth0 to the VIF_LIST if it is not there, this allows guest VMs to use the LB service.
-  local lb_list="$VIF_LIST eth0";
-  lb_list=$(echo $lb_list | tr " " "\n" | sort | uniq | tr "\n" " ")
-  echo $lb_list
-}
-fw_remove_backup() {
-  local lb_vif_list=$(get_lb_vif_list)
-  for vif in $lb_vif_list; do 
-    sudo iptables -F back_load_balancer_$vif 2> /dev/null
-    sudo iptables -D INPUT -i $vif -p tcp  -j back_load_balancer_$vif 2> /dev/null
-    sudo iptables -X back_load_balancer_$vif 2> /dev/null
-  done
-  sudo iptables -F back_lb_stats 2> /dev/null
-  sudo iptables -D INPUT -p tcp  -j back_lb_stats 2> /dev/null
-  sudo iptables -X back_lb_stats 2> /dev/null
-}
-fw_restore() {
-  local lb_vif_list=$(get_lb_vif_list)
-  for vif in $lb_vif_list; do 
-    sudo iptables -F load_balancer_$vif 2> /dev/null
-    sudo iptables -D INPUT -i $vif -p tcp  -j load_balancer_$vif 2> /dev/null
-    sudo iptables -X load_balancer_$vif 2> /dev/null
-    sudo iptables -E back_load_balancer_$vif load_balancer_$vif 2> /dev/null
-  done
-  sudo iptables -F lb_stats 2> /dev/null
-  sudo iptables -D INPUT -p tcp  -j lb_stats 2> /dev/null
-  sudo iptables -X lb_stats 2> /dev/null
-  sudo iptables -E back_lb_stats lb_stats 2> /dev/null
-}
-# firewall entry to ensure that haproxy can receive on specified port
-fw_entry() {
-  local added=$1
-  local removed=$2
-  local stats=$3
-  
-  if [ "$added" == "none" ]
-  then
-  	added=""
-  fi
-  
-  if [ "$removed" == "none" ]
-  then
-  	removed=""
-  fi
-  
-  local a=$(echo $added | cut -d, -f1- --output-delimiter=" ")
-  local r=$(echo $removed | cut -d, -f1- --output-delimiter=" ")
-
-# back up the iptable rules by renaming before creating new. 
-  local lb_vif_list=$(get_lb_vif_list)
-  for vif in $lb_vif_list; do 
-    sudo iptables -E load_balancer_$vif back_load_balancer_$vif 2> /dev/null
-    sudo iptables -N load_balancer_$vif 2> /dev/null
-    sudo iptables -A INPUT -i $vif -p tcp  -j load_balancer_$vif
-  done
-  sudo iptables -E lb_stats back_lb_stats 2> /dev/null
-  sudo iptables -N lb_stats 2> /dev/null
-  sudo iptables -A INPUT  -p tcp  -j lb_stats
-
-  for i in $a
-  do
-    local pubIp=$(echo $i | cut -d: -f1)
-    local dport=$(echo $i | cut -d: -f2)    
-    local lb_vif_list=$(get_lb_vif_list)
-    for vif in $lb_vif_list; do 
-
-#TODO : The below delete will be used only when we upgrade the from older verion to the newer one , the below delete become obsolute in the future.
-      sudo iptables -D INPUT -i $vif  -p tcp -d $pubIp --dport $dport -j ACCEPT 2> /dev/null
-
-      sudo iptables -A load_balancer_$vif  -p tcp -d $pubIp --dport $dport -j ACCEPT
-      
-      if [ $? -gt 0 ]
-      then
-        return 1
-      fi
-    done      
-  done
-  local pubIp=$(echo $stats | cut -d: -f1)
-  local dport=$(echo $stats | cut -d: -f2)    
-  local cidrs=$(echo $stats | cut -d: -f3 | sed 's/-/,/')
-  sudo iptables -A lb_stats -s $cidrs -p tcp -m state --state NEW -d $pubIp --dport $dport -j ACCEPT
- 
-
-#TODO : The below delete in the for-loop  will be used only when we upgrade the from older verion to the newer one , the below delete become obsolute in the future.
-  for i in $r
-  do
-    local pubIp=$(echo $i | cut -d: -f1)
-    local dport=$(echo $i | cut -d: -f2)    
-    
-    for vif in $VIF_LIST; do 
-      sudo iptables -D INPUT -i $vif  -p tcp -d $pubIp --dport $dport -j ACCEPT 2> /dev/null
-    done
-  done
- 
-  return 0
-}
-
-#Hot reconfigure HA Proxy in the routing domain
-reconfig_lb() {
-  /root/reconfigLB.sh
-  return $?
-}
-
-# Restore the HA Proxy to its previous state, and revert iptables rules on DomR
-restore_lb() {
-  logger -t cloud "Restoring HA Proxy to previous state"
-  # Copy the old version of haproxy.cfg into the file that reconfigLB.sh uses
-  cp /etc/haproxy/haproxy.cfg.old /etc/haproxy/haproxy.cfg.new
-   
-  if [ $? -eq 0 ]
-  then
-    # Run reconfigLB.sh again
-    /root/reconfigLB.sh
-  fi
-}
-
-get_vif_list() {
-  local vif_list=""
-  for i in /sys/class/net/eth*; do 
-    vif=$(basename $i);
-    if [ "$vif" != "eth0" ] && [ "$vif" != "eth1" ]
-    then
-      vif_list="$vif_list $vif";
-    fi
-  done
-  if [ "$vif_list" == "" ]
-  then
-      vif_list="eth0"
-  fi
-  
-  logger -t cloud "Loadbalancer public interfaces = $vif_list"
-  echo $vif_list
-}
-
-mflag=
-iflag=
-aflag=
-dflag=
-fflag=
-sflag=
-
-while getopts 'i:a:d:f:s:' OPTION
-do
-  case $OPTION in
-  i)	iflag=1
-		domRIp="$OPTARG"
-		;;
-  a)	aflag=1
-		addedIps="$OPTARG"
-		;;
-  d)	dflag=1
-		removedIps="$OPTARG"
-		;;
-  f)	fflag=1
-		cfgfile="$OPTARG"
-		;;
-
-  s)	sflag=1
-		statsIp="$OPTARG"
-		;;
-  ?)	usage
-                unlock_exit 2 $lock $locked
-		;;
-  esac
-done
-
-if [ "$addedIps" == "" ]
-then
-  addedIps="none"
-fi
-
-
-if [ "$removedIps" == "" ]
-then
-  removedIps="none"
-fi
-
-VIF_LIST=$(get_vif_list)
-
-
-if [ "$addedIps" == "" ]
-then
-  addedIps="none"
-fi
-
-if [ "$removedIps" == "" ]
-then
-  removedIps="none"
-fi
-
-#FIXME: make this explicit via check on vm type or passed in flag
-if [ "$VIF_LIST" == "eth0"  ]
-then
-   ip_entry $addedIps $removedIps
-fi
-
-# hot reconfigure haproxy
-reconfig_lb $cfgfile
-
-if [ $? -gt 0 ]
-then
-  logger -t cloud "Reconfiguring loadbalancer failed"
-  #FIXME: make this explicit via check on vm type or passed in flag
-  if [ "$VIF_LIST" == "eth0"  ]
-  then
-     ip_entry $removedIps $addedIps
-  fi
-  unlock_exit 1 $lock $locked
-fi
-
-# iptables entry to ensure that haproxy receives traffic
-fw_entry $addedIps $removedIps $statsIp
-  	
-if [ $? -gt 0 ]
-then
-  logger -t cloud "Failed to apply firewall rules for load balancing, reverting HA Proxy config"
-  # Restore the LB
-  restore_lb
-
-
-  logger -t cloud "Reverting firewall config"
-  # Revert iptables rules on DomR
-  fw_restore
-
-  #FIXME: make this explicit via check on vm type or passed in flag
-  if [ "$VIF_LIST" == "eth0"  ]
-  then
-     logger -t cloud "Reverting ip address changes to eth0"
-     ip_entry $removedIps $addedIps
-  fi
-
-  unlock_exit 1 $lock $locked
-else
-  # Remove backedup iptable rules
-  fw_remove_backup
-fi
- 
-unlock_exit 0 $lock $locked
-  	
-

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6c261042/patches/systemvm/debian/config/root/reconfigLB.sh
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/root/reconfigLB.sh b/patches/systemvm/debian/config/root/reconfigLB.sh
deleted file mode 100755
index ab91a39..0000000
--- a/patches/systemvm/debian/config/root/reconfigLB.sh
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-
-ret=0
-# save previous state
-  mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.old
-  mv /var/run/haproxy.pid /var/run/haproxy.pid.old
-
-  mv /etc/haproxy/haproxy.cfg.new /etc/haproxy/haproxy.cfg
-  kill -TTOU $(cat /var/run/haproxy.pid.old)
-  sleep 2
-  if haproxy -D -p /var/run/haproxy.pid -f /etc/haproxy/haproxy.cfg; then
-    logger -t cloud "New haproxy instance successfully loaded, stopping previous one."
-    kill -KILL $(cat /var/run/haproxy.pid.old)
-    rm -f /var/run/haproxy.pid.old
-    ret=0
-  else
-    logger -t cloud "New instance failed to start, resuming previous one."
-    kill -TTIN $(cat /var/run/haproxy.pid.old)
-    rm -f /var/run/haproxy.pid
-    mv /var/run/haproxy.pid.old /var/run/haproxy.pid
-    mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.new
-    mv /etc/haproxy/haproxy.cfg.old /etc/haproxy/haproxy.cfg
-    ret=1
-  fi
-
-exit $ret
-

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6c261042/patches/systemvm/debian/config/root/redundant_router/arping_gateways.sh.templ
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/root/redundant_router/arping_gateways.sh.templ b/patches/systemvm/debian/config/root/redundant_router/arping_gateways.sh.templ
deleted file mode 100644
index 931c959..0000000
--- a/patches/systemvm/debian/config/root/redundant_router/arping_gateways.sh.templ
+++ /dev/null
@@ -1,29 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-ip link|grep BROADCAST|grep -v eth0|grep -v eth1|cut -d ":" -f 2 > /tmp/iflist
-while read i
-do
-    ip addr show $i|grep "inet " > /tmp/iplist_$i
-    while read line
-    do
-        ip=`echo $line|cut -d " " -f 2|cut -d "/" -f 1`
-        arping -I $i -A $ip -c 1 >> [RROUTER_LOG] 2>&1
-        arping -I $i -A $ip -c 1 >> [RROUTER_LOG] 2>&1
-    done < /tmp/iplist_$i
-done < /tmp/iflist
-sleep 1

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6c261042/patches/systemvm/debian/config/root/redundant_router/backup.sh.templ
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/root/redundant_router/backup.sh.templ b/patches/systemvm/debian/config/root/redundant_router/backup.sh.templ
deleted file mode 100644
index 32c811b..0000000
--- a/patches/systemvm/debian/config/root/redundant_router/backup.sh.templ
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-sleep 1
-
-source /root/func.sh
-
-lock="biglock"
-locked=$(getLockFile $lock)
-if [ "$locked" != "1" ]
-then
-    exit 1
-fi
-
-echo To backup called >> [RROUTER_LOG]
-[RROUTER_BIN_PATH]/disable_pubip.sh >> [RROUTER_LOG] 2>&1
-echo Disable public ip $? >> [RROUTER_LOG]
-[RROUTER_BIN_PATH]/services.sh stop >> [RROUTER_LOG] 2>&1
-[RROUTER_BIN_PATH]/primary-backup.sh backup >> [RROUTER_LOG] 2>&1
-echo Switch conntrackd mode backup $? >> [RROUTER_LOG]
-echo Status: BACKUP >> [RROUTER_LOG]
-
-releaseLockFile $lock $locked
-exit 0

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6c261042/patches/systemvm/debian/config/root/redundant_router/check_bumpup.sh
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/root/redundant_router/check_bumpup.sh b/patches/systemvm/debian/config/root/redundant_router/check_bumpup.sh
deleted file mode 100644
index 7682bad..0000000
--- a/patches/systemvm/debian/config/root/redundant_router/check_bumpup.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-cat /tmp/rrouter_bumped

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6c261042/patches/systemvm/debian/config/root/redundant_router/check_heartbeat.sh.templ
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/root/redundant_router/check_heartbeat.sh.templ b/patches/systemvm/debian/config/root/redundant_router/check_heartbeat.sh.templ
deleted file mode 100755
index 1a390e6..0000000
--- a/patches/systemvm/debian/config/root/redundant_router/check_heartbeat.sh.templ
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-
-if [ -e [RROUTER_BIN_PATH]/keepalived.ts2 ]
-then
-    lasttime=$(cat [RROUTER_BIN_PATH]/keepalived.ts2)
-    thistime=$(cat [RROUTER_BIN_PATH]/keepalived.ts)
-    diff=$(($thistime - $lasttime))
-    if [ $diff -lt 30 ]
-    then
-        echo Keepalived process is dead! >> [RROUTER_LOG]
-        service keepalived stop >> [RROUTER_LOG] 2>&1
-        service conntrackd stop >> [RROUTER_LOG] 2>&1
-	pkill -9 keepalived >> [RROUTER_LOG] 2>&1
-        [RROUTER_BIN_PATH]/disable_pubip.sh >> [RROUTER_LOG] 2>&1
-        echo Status: FAULT \(keepalived process is dead\) >> [RROUTER_LOG]
-        exit
-    fi
-fi
-
-cp [RROUTER_BIN_PATH]/keepalived.ts [RROUTER_BIN_PATH]/keepalived.ts2

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6c261042/patches/systemvm/debian/config/root/redundant_router/checkrouter.sh.templ
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/root/redundant_router/checkrouter.sh.templ b/patches/systemvm/debian/config/root/redundant_router/checkrouter.sh.templ
deleted file mode 100755
index fbf4f0f..0000000
--- a/patches/systemvm/debian/config/root/redundant_router/checkrouter.sh.templ
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-
-source /root/func.sh
-
-nolock=0
-if [ $# -eq 1 ]
-then
-    if [ $1 == "--no-lock" ]
-    then
-        nolock=1
-    fi
-fi
-
-if [ $nolock -eq 0 ]
-then
-    lock="biglock"
-    locked=$(getLockFile $lock)
-    if [ "$locked" != "1" ]
-    then
-        exit 1
-    fi
-fi
-
-bumped="Bumped: NO"
-if [ -e /tmp/rrouter_bumped ]
-then
-    bumped="Bumped: YES"
-fi
-
-stat=`tail -n 1 [RROUTER_LOG] | grep "Status"`
-if [ $? -eq 0 ]
-then
-    echo "$stat&$bumped"
-fi
-
-if [ $nolock -eq 0 ]
-then
-    unlock_exit $? $lock $locked
-fi

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6c261042/patches/systemvm/debian/config/root/redundant_router/conntrackd.conf.templ
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/root/redundant_router/conntrackd.conf.templ b/patches/systemvm/debian/config/root/redundant_router/conntrackd.conf.templ
deleted file mode 100644
index 091de10..0000000
--- a/patches/systemvm/debian/config/root/redundant_router/conntrackd.conf.templ
+++ /dev/null
@@ -1,401 +0,0 @@
-#
-# Synchronizer settings
-#
-Sync {
-	Mode FTFW {
-		#
-		# Size of the resend queue (in objects). This is the maximum
-		# number of objects that can be stored waiting to be confirmed
-		# via acknoledgment. If you keep this value low, the daemon
-		# will have less chances to recover state-changes under message
-		# omission. On the other hand, if you keep this value high,
-		# the daemon will consume more memory to store dead objects.
-		# Default is 131072 objects.
-		#
-		# ResendQueueSize 131072
-
-		#
-		# This parameter allows you to set an initial fixed timeout
-		# for the committed entries when this node goes from backup
-		# to primary. This mechanism provides a way to purge entries
-		# that were not recovered appropriately after the specified
-		# fixed timeout. If you set a low value, TCP entries in
-		# Established states with no traffic may hang. For example,
-		# an SSH connection without KeepAlive enabled. If not set,
-		# the daemon uses an approximate timeout value calculation
-		# mechanism. By default, this option is not set.
-		#
-		# CommitTimeout 180
-
-		#
-		# If the firewall replica goes from primary to backup,
-		# the conntrackd -t command is invoked in the script. 
-		# This command schedules a flush of the table in N seconds.
-		# This is useful to purge the connection tracking table of
-		# zombie entries and avoid clashes with old entries if you
-		# trigger several consecutive hand-overs. Default is 60 seconds.
-		#
-		# PurgeTimeout 60
-
-		# Set the acknowledgement window size. If you decrease this
-		# value, the number of acknowlegdments increases. More
-		# acknowledgments means more overhead as conntrackd has to
-		# handle more control messages. On the other hand, if you
-		# increase this value, the resend queue gets more populated.
-		# This results in more overhead in the queue releasing.
-		# The following value is based on some practical experiments
-		# measuring the cycles spent by the acknowledgment handling
-		# with oprofile. If not set, default window size is 300.
-		#
-		# ACKWindowSize 300
-
-		#
-		# This clause allows you to disable the external cache. Thus,
-		# the state entries are directly injected into the kernel
-		# conntrack table. As a result, you save memory in user-space
-		# but you consume slots in the kernel conntrack table for
-		# backup state entries. Moreover, disabling the external cache
-		# means more CPU consumption. You need a Linux kernel
-		# >= 2.6.29 to use this feature. By default, this clause is
-		# set off. If you are installing conntrackd for first time,
-		# please read the user manual and I encourage you to consider
-		# using the fail-over scripts instead of enabling this option!
-		#
-		# DisableExternalCache Off
-	}
-
-	#
-	# Multicast IP and interface where messages are
-	# broadcasted (dedicated link). IMPORTANT: Make sure
-	# that iptables accepts traffic for destination
-	# 225.0.0.50, eg:
-	#
-	#	iptables -I INPUT -d 225.0.0.50 -j ACCEPT
-	#	iptables -I OUTPUT -d 225.0.0.50 -j ACCEPT
-	#
-	Multicast {
-		# 
-		# Multicast address: The address that you use as destination
-		# in the synchronization messages. You do not have to add
-		# this IP to any of your existing interfaces. If any doubt,
-		# do not modify this value.
-		#
-		IPv4_address 225.0.0.50
-
-		#
-		# The multicast group that identifies the cluster. If any
-		# doubt, do not modify this value.
-		#
-		Group 3780
-
-		#
-		# IP address of the interface that you are going to use to
-		# send the synchronization messages. Remember that you must
-		# use a dedicated link for the synchronization messages.
-		#
-		IPv4_interface [LINK_IP]
-
-		#
-		# The name of the interface that you are going to use to
-		# send the synchronization messages.
-		#
-		Interface [LINK_IF]
-
-		# The multicast sender uses a buffer to enqueue the packets
-		# that are going to be transmitted. The default size of this
-		# socket buffer is available at /proc/sys/net/core/wmem_default.
-		# This value determines the chances to have an overrun in the
-		# sender queue. The overrun results packet loss, thus, losing
-		# state information that would have to be retransmitted. If you
-		# notice some packet loss, you may want to increase the size
-		# of the sender buffer. The default size is usually around
-		# ~100 KBytes which is fairly small for busy firewalls.
-		#
-		SndSocketBuffer 1249280
-
-		# The multicast receiver uses a buffer to enqueue the packets
-		# that the socket is pending to handle. The default size of this
-		# socket buffer is available at /proc/sys/net/core/rmem_default.
-		# This value determines the chances to have an overrun in the
-		# receiver queue. The overrun results packet loss, thus, losing
-		# state information that would have to be retransmitted. If you
-		# notice some packet loss, you may want to increase the size of
-		# the receiver buffer. The default size is usually around
-		# ~100 KBytes which is fairly small for busy firewalls.
-		#
-		RcvSocketBuffer 1249280
-
-		# 
-		# Enable/Disable message checksumming. This is a good
-		# property to achieve fault-tolerance. In case of doubt, do
-		# not modify this value.
-		#
-		Checksum on
-	}
-	#
-	# You can specify more than one dedicated link. Thus, if one dedicated
-	# link fails, conntrackd can fail-over to another. Note that adding
-	# more than one dedicated link does not mean that state-updates will
-	# be sent to all of them. There is only one active dedicated link at
-	# a given moment. The `Default' keyword indicates that this interface
-	# will be selected as the initial dedicated link. You can have 
-	# up to 4 redundant dedicated links. Note: Use different multicast 
-	# groups for every redundant link.
-	#
-	# Multicast Default {
-	#	IPv4_address 225.0.0.51
-	#	Group 3781
-	#	IPv4_interface 192.168.100.101
-	#	Interface eth3
-	#	# SndSocketBuffer 1249280
-	#	# RcvSocketBuffer 1249280
-	#	Checksum on
-	# }
-
-	#
-	# You can use Unicast UDP instead of Multicast to propagate events.
-	# Note that you cannot use unicast UDP and Multicast at the same
-	# time, you can only select one.
-	# 
-	# UDP {
-		# 
-		# UDP address that this firewall uses to listen to events.
-		#
-		# IPv4_address 192.168.2.100
-		#
-		# or you may want to use an IPv6 address:
-		#
-		# IPv6_address fe80::215:58ff:fe28:5a27
-
-		#
-		# Destination UDP address that receives events, ie. the other
-		# firewall's dedicated link address.
-		#
-		# IPv4_Destination_Address 192.168.2.101
-		#
-		# or you may want to use an IPv6 address:
-		#
-		# IPv6_Destination_Address fe80::2d0:59ff:fe2a:775c
-
-		#
-		# UDP port used
-		#
-		# Port 3780
-
-		#
-		# The name of the interface that you are going to use to
-		# send the synchronization messages.
-		#
-		# Interface eth2
-
-		# 
-		# The sender socket buffer size
-		#
-		# SndSocketBuffer 1249280
-
-		#
-		# The receiver socket buffer size
-		#
-		# RcvSocketBuffer 1249280
-
-		# 
-		# Enable/Disable message checksumming. 
-		#
-		# Checksum on
-	# }
-
-}
-
-#
-# General settings
-#
-General {
-	#
-	# Set the nice value of the daemon, this value goes from -20
-	# (most favorable scheduling) to 19 (least favorable). Using a
-	# very low value reduces the chances to lose state-change events.
-	# Default is 0 but this example file sets it to most favourable
-	# scheduling as this is generally a good idea. See man nice(1) for
-	# more information.
-	#
-	Nice -20
-
-	#
-	# Select a different scheduler for the daemon, you can select between
-	# RR and FIFO and the process priority (minimum is 0, maximum is 99).
-	# See man sched_setscheduler(2) for more information. Using a RT
-	# scheduler reduces the chances to overrun the Netlink buffer.
-	#
-	# Scheduler {
-	#	Type FIFO
-	#	Priority 99
-	# }
-
-	#
-	# Number of buckets in the cache hashtable. The bigger it is,
-	# the closer it gets to O(1) at the cost of consuming more memory.
-	# Read some documents about tuning hashtables for further reference.
-	#
-	HashSize 32768
-
-	#
-	# Maximum number of conntracks, it should be double of: 
-	# $ cat /proc/sys/net/netfilter/nf_conntrack_max
-	# since the daemon may keep some dead entries cached for possible
-	# retransmission during state synchronization.
-	#
-	HashLimit 131072
-
-	#
-	# Logfile: on (/var/log/conntrackd.log), off, or a filename
-	# Default: off
-	#
-	LogFile on
-
-	#
-	# Syslog: on, off or a facility name (daemon (default) or local0..7)
-	# Default: off
-	#
-	#Syslog on
-
-	#
-	# Lockfile
-	# 
-	LockFile /var/lock/conntrack.lock
-
-	#
-	# Unix socket configuration
-	#
-	UNIX {
-		Path /var/run/conntrackd.ctl
-		Backlog 20
-	}
-
-	#
-	# Netlink event socket buffer size. If you do not specify this clause,
-	# the default buffer size value in /proc/net/core/rmem_default is
-	# used. This default value is usually around 100 Kbytes which is
-	# fairly small for busy firewalls. This leads to event message dropping
-	# and high CPU consumption. This example configuration file sets the
-	# size to 2 MBytes to avoid this sort of problems.
-	#
-	NetlinkBufferSize 2097152
-
-	#
-	# The daemon doubles the size of the netlink event socket buffer size
-	# if it detects netlink event message dropping. This clause sets the
-	# maximum buffer size growth that can be reached. This example file
-	# sets the size to 8 MBytes.
-	#
-	NetlinkBufferSizeMaxGrowth 8388608
-
-	#
-	# If the daemon detects that Netlink is dropping state-change events,
-	# it automatically schedules a resynchronization against the Kernel
-	# after 30 seconds (default value). Resynchronizations are expensive
-	# in terms of CPU consumption since the daemon has to get the full
-	# kernel state-table and purge state-entries that do not exist anymore.
-	# Be careful of setting a very small value here. You have the following
-	# choices: On (enabled, use default 30 seconds value), Off (disabled)
-	# or Value (in seconds, to set a specific amount of time). If not
-	# specified, the daemon assumes that this option is enabled.
-	#
-	# NetlinkOverrunResync On
-
-	#
-	# If you want reliable event reporting over Netlink, set on this
-	# option. If you set on this clause, it is a good idea to set off
-	# NetlinkOverrunResync. This option is off by default and you need
-	# a Linux kernel >= 2.6.31.
-	#
-	# NetlinkEventsReliable Off
-
-	# 
-	# By default, the daemon receives state updates following an
-	# event-driven model. You can modify this behaviour by switching to
-	# polling mode with the PollSecs clause. This clause tells conntrackd
-	# to dump the states in the kernel every N seconds. With regards to
-	# synchronization mode, the polling mode can only guarantee that
-	# long-lifetime states are recovered. The main advantage of this method
-	# is the reduction in the state replication at the cost of reducing the
-	# chances of recovering connections.
-	#
-	# PollSecs 15
-
-	#
-	# The daemon prioritizes the handling of state-change events coming
-	# from the core. With this clause, you can set the maximum number of
-	# state-change events (those coming from kernel-space) that the daemon
-	# will handle after which it will handle other events coming from the
-	# network or userspace. A low value improves interactivity (in terms of
-	# real-time behaviour) at the cost of extra CPU consumption.
-	# Default (if not set) is 100.
-	#
-	# EventIterationLimit 100
-
-	#
-	# Event filtering: This clause allows you to filter certain traffic,
-	# There are currently three filter-sets: Protocol, Address and
-	# State. The filter is attached to an action that can be: Accept or
-	# Ignore. Thus, you can define the event filtering policy of the
-	# filter-sets in positive or negative logic depending on your needs.
-	# You can select if conntrackd filters the event messages from 
-	# user-space or kernel-space. The kernel-space event filtering
-	# saves some CPU cycles by avoiding the copy of the event message
-	# from kernel-space to user-space. The kernel-space event filtering
-	# is prefered, however, you require a Linux kernel >= 2.6.29 to
-	# filter from kernel-space. If you want to select kernel-space 
-	# event filtering, use the keyword 'Kernelspace' instead of 
-	# 'Userspace'.
-	#
-	Filter From Userspace {
-		#
-		# Accept only certain protocols: You may want to replicate
-		# the state of flows depending on their layer 4 protocol.
-		#
-		Protocol Accept {
-			TCP
-			SCTP
-			DCCP
-			# UDP
-			# ICMP # This requires a Linux kernel >= 2.6.31
-		}
-
-		#
-		# Ignore traffic for a certain set of IP's: Usually all the
-		# IP assigned to the firewall since local traffic must be
-		# ignored, only forwarded connections are worth to replicate.
-		# Note that these values depends on the local IPs that are
-		# assigned to the firewall.
-		#
-		Address Ignore {
-			IPv4_address 127.0.0.1 # loopback
-            IPv4_address [IGNORE_IP1]
-            IPv4_address [IGNORE_IP2]
-            IPv4_address [IGNORE_IP3]
-			#IPv4_address 192.168.0.100 # virtual IP 1
-			#IPv4_address 192.168.1.100 # virtual IP 2
-			#IPv4_address 192.168.0.1
-			#IPv4_address 192.168.1.1
-			#IPv4_address 192.168.100.100 # dedicated link ip
-			#
-			# You can also specify networks in format IP/cidr.
-			# IPv4_address 192.168.0.0/24
-			#
-			# You can also specify an IPv6 address
-			# IPv6_address ::1
-		}
-
-		#
-		# Uncomment this line below if you want to filter by flow state.
-		# This option introduces a trade-off in the replication: it
-		# reduces CPU consumption at the cost of having lazy backup 
-		# firewall replicas. The existing TCP states are: SYN_SENT,
-		# SYN_RECV, ESTABLISHED, FIN_WAIT, CLOSE_WAIT, LAST_ACK,
-		# TIME_WAIT, CLOSED, LISTEN.
-		#
-		# State Accept {
-		#	ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP
-		# }
-	}
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6c261042/patches/systemvm/debian/config/root/redundant_router/disable_pubip.sh
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/root/redundant_router/disable_pubip.sh b/patches/systemvm/debian/config/root/redundant_router/disable_pubip.sh
deleted file mode 100644
index ee4e894..0000000
--- a/patches/systemvm/debian/config/root/redundant_router/disable_pubip.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-ip link|grep BROADCAST|grep -v eth0|grep -v eth1|cut -d ":" -f 2 > /tmp/iflist
-while read i
-do
-    ifconfig $i down
-done < /tmp/iflist

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6c261042/patches/systemvm/debian/config/root/redundant_router/enable_pubip.sh.templ
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/root/redundant_router/enable_pubip.sh.templ b/patches/systemvm/debian/config/root/redundant_router/enable_pubip.sh.templ
deleted file mode 100644
index 0e2d03a..0000000
--- a/patches/systemvm/debian/config/root/redundant_router/enable_pubip.sh.templ
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-ip link|grep BROADCAST|grep -v eth0|grep -v eth1|cut -d ":" -f 2 > /tmp/iflist
-ip addr show eth2 | grep "inet" 2>&1 > /dev/null
-is_init=$?
-
-set -e
-
-while read i
-do
-    # if eth2'ip has already been configured, we would use ifconfig rather than ifdown/ifup
-    if [ "$i" == "eth2" -a "$is_init" != "0" ]
-    then
-        ifdown $i
-        ifup $i
-    else
-        ifconfig $i down
-        ifconfig $i up
-    fi
-done < /tmp/iflist
-ip route add default via [GATEWAY] dev eth2

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6c261042/patches/systemvm/debian/config/root/redundant_router/fault.sh.templ
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/root/redundant_router/fault.sh.templ b/patches/systemvm/debian/config/root/redundant_router/fault.sh.templ
deleted file mode 100644
index aecb08d..0000000
--- a/patches/systemvm/debian/config/root/redundant_router/fault.sh.templ
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-source /root/func.sh
-
-lock="biglock"
-locked=$(getLockFile $lock)
-if [ "$locked" != "1" ]
-then
-    exit 1
-fi
-
-echo To fault called >> [RROUTER_LOG]
-[RROUTER_BIN_PATH]/disable_pubip.sh >> [RROUTER_LOG] 2>&1
-[RROUTER_BIN_PATH]/primary-backup.sh fault >> [RROUTER_LOG] 2>&1
-echo Status: FAULT >> [RROUTER_LOG]
-
-releaseLockFile $lock $locked

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6c261042/patches/systemvm/debian/config/root/redundant_router/heartbeat.sh.templ
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/root/redundant_router/heartbeat.sh.templ b/patches/systemvm/debian/config/root/redundant_router/heartbeat.sh.templ
deleted file mode 100755
index e064c1a..0000000
--- a/patches/systemvm/debian/config/root/redundant_router/heartbeat.sh.templ
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-t=$(date +%s)
-echo $t > [RROUTER_BIN_PATH]/keepalived.ts

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6c261042/patches/systemvm/debian/config/root/redundant_router/keepalived.conf.templ
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/root/redundant_router/keepalived.conf.templ b/patches/systemvm/debian/config/root/redundant_router/keepalived.conf.templ
deleted file mode 100644
index a4969a5..0000000
--- a/patches/systemvm/debian/config/root/redundant_router/keepalived.conf.templ
+++ /dev/null
@@ -1,57 +0,0 @@
-! Licensed to the Apache Software Foundation (ASF) under one
-! or more contributor license agreements.  See the NOTICE file
-! distributed with this work for additional information
-! regarding copyright ownership.  The ASF licenses this file
-! to you under the Apache License, Version 2.0 (the
-! "License"); you may not use this file except in compliance
-! with the License.  You may obtain a copy of the License at
-!
-!   http://www.apache.org/licenses/LICENSE-2.0
-!
-! Unless required by applicable law or agreed to in writing,
-! software distributed under the License is distributed on an
-! "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-! KIND, either express or implied.  See the License for the
-! specific language governing permissions and limitations
-! under the License.
-
-global_defs {
-   router_id [ROUTER_ID]
-}
-
-vrrp_script check_bumpup {
-    script "[RROUTER_BIN_PATH]/check_bumpup.sh"
-    interval 5
-    weight [DELTA]
-}
-
-vrrp_script heartbeat {
-    script "[RROUTER_BIN_PATH]/heartbeat.sh"
-    interval 10
-}
-
-vrrp_instance inside_network {
-    state BACKUP
-    interface eth0
-    virtual_router_id 51
-    priority [PRIORITY]
-
-    advert_int 1
-    authentication {
-        auth_type PASS
-        auth_pass WORD
-    }
-
-    virtual_ipaddress {
-        [ROUTER_IP] brd [BOARDCAST] dev eth0
-    }
-
-    track_script {
-        check_bumpup
-        heartbeat
-    }
-
-    notify_master "[RROUTER_BIN_PATH]/master.sh"
-    notify_backup "[RROUTER_BIN_PATH]/backup.sh"
-    notify_fault "[RROUTER_BIN_PATH]/fault.sh"
-}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6c261042/patches/systemvm/debian/config/root/redundant_router/master.sh.templ
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/root/redundant_router/master.sh.templ b/patches/systemvm/debian/config/root/redundant_router/master.sh.templ
deleted file mode 100644
index 11ca628..0000000
--- a/patches/systemvm/debian/config/root/redundant_router/master.sh.templ
+++ /dev/null
@@ -1,60 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-source /root/func.sh
-
-lock="biglock"
-locked=$(getLockFile $lock)
-if [ "$locked" != "1" ]
-then
-    exit 1
-fi
-
-echo To master called >> [RROUTER_LOG]
-[RROUTER_BIN_PATH]/enable_pubip.sh >> [RROUTER_LOG] 2>&1
-ret=$?
-if [ $ret -eq 0 ]
-then
-    [RROUTER_BIN_PATH]/services.sh restart >> [RROUTER_LOG] 2>&1
-    ret=$?
-fi
-last_msg=`tail -n 1 [RROUTER_LOG]`
-echo Enable public ip returned $ret >> [RROUTER_LOG]
-if [ $ret -ne 0 ]
-then
-    echo Fail to enable public ip! >> [RROUTER_LOG]
-    [RROUTER_BIN_PATH]/disable_pubip.sh >> [RROUTER_LOG] 2>&1
-    [RROUTER_BIN_PATH]/services.sh stop >> [RROUTER_LOG] 2>&1
-    service keepalived stop >> [RROUTER_LOG] 2>&1
-    service conntrackd stop >> [RROUTER_LOG] 2>&1
-    echo Status: FAULT \($last_msg\) >> [RROUTER_LOG]
-    releaseLockFile $lock $locked
-    exit
-fi
-[RROUTER_BIN_PATH]/primary-backup.sh primary >> [RROUTER_LOG] 2>&1
-ret=$?
-echo Switch conntrackd mode primary returned $ret >> [RROUTER_LOG]
-if [ $ret -ne 0 ]
-then
-    echo Fail to switch conntrackd mode, but try to continue working >> [RROUTER_LOG]
-fi
-[RROUTER_BIN_PATH]/arping_gateways.sh
-echo Status: MASTER >> [RROUTER_LOG]
-
-releaseLockFile $lock $locked
-exit 0

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6c261042/patches/systemvm/debian/config/root/redundant_router/primary-backup.sh.templ
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/root/redundant_router/primary-backup.sh.templ b/patches/systemvm/debian/config/root/redundant_router/primary-backup.sh.templ
deleted file mode 100644
index 4eb9eaf..0000000
--- a/patches/systemvm/debian/config/root/redundant_router/primary-backup.sh.templ
+++ /dev/null
@@ -1,126 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-CONNTRACKD_BIN=/usr/sbin/conntrackd
-CONNTRACKD_LOCK=/var/lock/conntrack.lock
-CONNTRACKD_CONFIG=/etc/conntrackd/conntrackd.conf
-CONNTRACKD_LOG=[RROUTER_LOG]
-
-case "$1" in
-  primary)
-    #
-    # commit the external cache into the kernel table
-    #
-    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -c
-    if [ $? -eq 1 ]
-    then
-        logger "ERROR: failed to invoke conntrackd -c"
-    fi
-
-    #
-    # flush the internal and the external caches
-    #
-    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -f
-    if [ $? -eq 1 ]
-    then
-    	logger "ERROR: failed to invoke conntrackd -f"
-    fi
-
-    #
-    # resynchronize my internal cache to the kernel table
-    #
-    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -R
-    if [ $? -eq 1 ]
-    then
-    	logger "ERROR: failed to invoke conntrackd -R"
-    fi
-
-    #
-    # send a bulk update to backups 
-    #
-    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -B
-    if [ $? -eq 1 ]
-    then
-        logger "ERROR: failed to invoke conntrackd -B"
-    fi
-    echo Conntrackd switch to primary done >> $CONNTRACKD_LOG
-    ;;
-  backup)
-    #
-    # is conntrackd running? request some statistics to check it
-    #
-    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -s
-    if [ $? -eq 1 ]
-    then
-        #
-	# something's wrong, do we have a lock file?
-	#
-    	if [ -f $CONNTRACKD_LOCK ]
-	then
-	    logger "WARNING: conntrackd was not cleanly stopped."
-	    logger "If you suspect that it has crashed:"
-	    logger "1) Enable coredumps"
-	    logger "2) Try to reproduce the problem"
-	    logger "3) Post the coredump to netfilter-devel@vger.kernel.org"
-	    rm -f $CONNTRACKD_LOCK
-	fi
-	$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -d
-	if [ $? -eq 1 ]
-	then
-	    logger "ERROR: cannot launch conntrackd"
-	    exit 1
-	fi
-    fi
-    #
-    # shorten kernel conntrack timers to remove the zombie entries.
-    #
-    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -t
-    if [ $? -eq 1 ]
-    then
-    	logger "ERROR: failed to invoke conntrackd -t"
-    fi
-
-    #
-    # request resynchronization with master firewall replica (if any)
-    # Note: this does nothing in the alarm approach.
-    #
-    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -n
-    if [ $? -eq 1 ]
-    then
-    	logger "ERROR: failed to invoke conntrackd -n"
-    fi
-    echo Conntrackd switch to backup done >> $CONNTRACKD_LOG
-    ;;
-  fault)
-    #
-    # shorten kernel conntrack timers to remove the zombie entries.
-    #
-    $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -t
-    if [ $? -eq 1 ]
-    then
-    	logger "ERROR: failed to invoke conntrackd -t"
-    fi
-    echo Conntrackd switch to fault done >> $CONNTRACKD_LOG
-    ;;
-  *)
-    logger "conntrackd: ERROR: unknown state transition: " $1
-    echo "Usage: primary-backup.sh {primary|backup|fault}"
-    exit 1
-    ;;
-esac
-
-exit 0

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6c261042/patches/systemvm/debian/config/root/redundant_router/services.sh
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/root/redundant_router/services.sh b/patches/systemvm/debian/config/root/redundant_router/services.sh
deleted file mode 100644
index b7ebeed..0000000
--- a/patches/systemvm/debian/config/root/redundant_router/services.sh
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-vpn_service() {
-	ps aux|grep ipsec | grep -v grep > /dev/null
-	no_vpn=$?
-	if [ $no_vpn -eq 1 ]
-	then
-		return 0
-	fi
-	r=0
-	case "$1" in
-		stop)
-			service ipsec stop && \
-			service xl2tpd stop
-			r=$?
-			;;
-		restart)
-			service ipsec restart && \
-			service xl2tpd restart
-			r=$?
-			;;
-	esac
-	return $r
-}
-
-ret=0
-case "$1" in
-    start)
-	vpn_service restart && \
-        service cloud-passwd-srvr start && \
-        service dnsmasq start
-	ret=$?
-        ;;
-    stop)
-	vpn_service stop && \
-        service cloud-passwd-srvr stop && \
-        service dnsmasq stop
-	ret=$?
-        ;;
-    restart)
-	vpn_service restart && \
-        service cloud-passwd-srvr restart && \
-        service dnsmasq restart
-	ret=$?
-        ;;
-    *)
-        echo "Usage: services {start|stop|restart}"
-        exit 1
-	;;
-esac
-
-exit $ret

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6c261042/patches/systemvm/debian/config/root/savepassword.sh
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/root/savepassword.sh b/patches/systemvm/debian/config/root/savepassword.sh
deleted file mode 100755
index fc73603..0000000
--- a/patches/systemvm/debian/config/root/savepassword.sh
+++ /dev/null
@@ -1,58 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-
- 
-
-# Usage
-#	save_password -v <user VM IP> -p <password>
-
-source /root/func.sh
-
-lock="passwdlock"
-#default timeout value is 30 mins as password reset command is not synchronized on agent side any more,
-#and multiple commands can be sent to the same VR at a time
-locked=$(getLockFile $lock 1800)
-if [ "$locked" != "1" ]
-then
-    exit 1
-fi
-
-PASSWD_FILE=/var/cache/cloud/passwords
-
-while getopts 'v:p:' OPTION
-do
-  case $OPTION in
-  v)	VM_IP="$OPTARG"
-		;;
-  p)	
-		ENCODEDPASSWORD="$OPTARG"
-		PASSWORD=$(echo $ENCODEDPASSWORD | tr '[a-m][n-z][A-M][N-Z]' '[n-z][a-m][N-Z][A-M]')
-		;;
-  ?)	echo "Incorrect usage"
-                unlock_exit 1 $lock $locked
-		;;
-  esac
-done
-
-[ -f $PASSWD_FILE ] ||  touch $PASSWD_FILE
-
-sed -i /$VM_IP/d $PASSWD_FILE
-echo "$VM_IP=$PASSWORD" >> $PASSWD_FILE
-
-unlock_exit $? $lock $locked

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6c261042/patches/systemvm/debian/config/root/userdata.py
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/root/userdata.py b/patches/systemvm/debian/config/root/userdata.py
deleted file mode 100644
index cc130a5..0000000
--- a/patches/systemvm/debian/config/root/userdata.py
+++ /dev/null
@@ -1,92 +0,0 @@
-#!/usr/bin/python
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
- 
-
-
-import sys
-import base64
-import string 
-import os
-import tempfile
-from subprocess import call
-
-def vm_data(args):
-
-    router_ip = args.pop('routerIP')
-    vm_ip = args.pop('vmIP')
-
-    for pair in args:
-        pairList = pair.split(',')
-        vmDataFolder = pairList[0]
-        vmDataFile = pairList[1]
-        vmDataValue = args[pair]
-        cmd = ["/bin/bash", "/root/userdata.sh", "-v", vm_ip, "-F", vmDataFolder, "-f", vmDataFile]
-        
-        fd = None
-        tmp_path = None
-       
-        try:
-            fd,tmp_path = tempfile.mkstemp()
-            tmpfile = open(tmp_path, 'w')
-
-            if (vmDataFolder == "userdata" and vmDataValue != "none"):
-                vmDataValue = base64.urlsafe_b64decode(vmDataValue)
-            
-            if vmDataValue != "none":
-                tmpfile.write(vmDataValue)
-            
-            tmpfile.close()
-            cmd.append("-d")
-            cmd.append(tmp_path)
-        except:
-            if fd !=None:
-                os.close(fd)
-                os.remove(tmp_path)
-                return ''
-        
-        try:
-            call(cmd)
-            txt = 'success'
-        except:
-            txt = ''
-
-        if (fd != None):
-            os.close(fd)
-            os.remove(tmp_path)
-
-    return txt
-
-def parseFileData(fileName):
-    args = {} 
-    fd = open(fileName)
-
-    line = fd.readline()
-    while (line != ""):
-        key=string.strip(line[:], '\n')
-        if (key == ""):
-            break
-	  
-        line=fd.readline()
-        val=string.strip(line[:], '\n')
-        args[key]=val
-        line=fd.readline()
-    return args
-
-if __name__ == "__main__":
-	vm_data(parseFileData("/tmp/" + sys.argv[1]))
-


Mime
View raw message