cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r...@apache.org
Subject [4/6] git commit: updated refs/heads/master to 791f9df
Date Thu, 19 Nov 2015 16:59:39 GMT
CLOUDSTACK-9067 - Remove old script file from the project

   - Java constants also removed
   - Project still compiling and all unit tests passing.


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/6477bd8f
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/6477bd8f
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/6477bd8f

Branch: refs/heads/master
Commit: 6477bd8ff7f982e10d0d20a97857262897dc05ed
Parents: bf0c4f2
Author: Wilder Rodrigues <wrodrigues@schubergphilis.com>
Authored: Tue Nov 17 12:14:56 2015 +0100
Committer: Wilder Rodrigues <wrodrigues@schubergphilis.com>
Committed: Tue Nov 17 15:58:22 2015 +0100

----------------------------------------------------------------------
 .../resource/virtualnetwork/VRScripts.java      |  20 +-
 .../VirtualRoutingResourceTest.java             | 217 +----------
 .../config/opt/cloud/bin/createIpAlias.sh       | 129 -------
 .../config/opt/cloud/bin/deleteIpAlias.sh       |  62 ----
 .../config/opt/cloud/bin/firewall_egress.sh     | 188 ----------
 .../config/opt/cloud/bin/firewall_ingress.sh    | 202 -----------
 .../debian/config/opt/cloud/bin/firewall_nat.sh | 358 -------------------
 .../config/opt/cloud/bin/getRouterAlerts.sh     |  55 ---
 .../debian/config/opt/cloud/bin/vpc_acl.sh      | 250 -------------
 .../debian/config/opt/cloud/bin/vpc_guestnw.sh  | 316 ----------------
 .../debian/config/opt/cloud/bin/vpc_ipassoc.sh  | 223 ------------
 .../config/opt/cloud/bin/vpc_loadbalancer.sh    | 229 ------------
 .../config/opt/cloud/bin/vpc_portforwarding.sh  | 126 -------
 .../config/opt/cloud/bin/vpc_privateGateway.sh  |  98 -----
 .../config/opt/cloud/bin/vpc_privategw_acl.sh   | 229 ------------
 .../config/opt/cloud/bin/vpc_staticnat.sh       | 124 -------
 16 files changed, 7 insertions(+), 2819 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6477bd8f/core/src/com/cloud/agent/resource/virtualnetwork/VRScripts.java
----------------------------------------------------------------------
diff --git a/core/src/com/cloud/agent/resource/virtualnetwork/VRScripts.java b/core/src/com/cloud/agent/resource/virtualnetwork/VRScripts.java
index 109801c..a251505 100644
--- a/core/src/com/cloud/agent/resource/virtualnetwork/VRScripts.java
+++ b/core/src/com/cloud/agent/resource/virtualnetwork/VRScripts.java
@@ -45,37 +45,25 @@ public class VRScripts {
     // New scripts for use with chef
     public static final String UPDATE_CONFIG = "update_config.py";
 
+    // Script still in use - mostly by HyperV
     public static final String S2SVPN_CHECK = "checkbatchs2svpn.sh";
     public static final String S2SVPN_IPSEC = "ipsectunnel.sh";
     public static final String DHCP = "edithosts.sh";
     public static final String DNSMASQ_CONFIG = "dnsmasq.sh";
-    public static final String FIREWALL_EGRESS = "firewall_egress.sh";
-    public static final String FIREWALL_INGRESS = "firewall_ingress.sh";
-    public static final String FIREWALL_NAT = "firewall_nat.sh";
-    public static final String IPALIAS_CREATE = "createipAlias.sh";
-    public static final String IPALIAS_DELETE = "deleteipAlias.sh";
     public static final String IPASSOC = "ipassoc.sh";
     public static final String LB = "loadbalancer.sh";
     public static final String MONITOR_SERVICE = "monitor_service.sh";
-    public static final String ROUTER_ALERTS = "getRouterAlerts.sh";
     public static final String PASSWORD = "savepassword.sh";
+    public static final String ROUTER_ALERTS = "getRouterAlerts.sh";
     public static final String RVR_CHECK = "checkrouter.sh";
-    public static final String RVR_BUMPUP_PRI = "bumpup_priority.sh";
     public static final String VMDATA = "vmdata.py";
+    public static final String RVR_BUMPUP_PRI = "bumpup_priority.sh";
     public static final String VERSION = "get_template_version.sh";
-    public static final String VPC_ACL = "vpc_acl.sh";
-    public static final String VPC_GUEST_NETWORK = "vpc_guestnw.sh";
-    public static final String VPC_IPASSOC = "vpc_ipassoc.sh";
-    public static final String VPC_LB = "vpc_loadbalancer.sh";
-    public static final String VPC_PRIVATEGW = "vpc_privateGateway.sh";
-    public static final String VPC_PRIVATEGW_ACL = "vpc_privategw_acl.sh";
-    public static final String VPC_PORTFORWARDING = "vpc_portforwarding.sh";
     public static final String VPC_SOURCE_NAT = "vpc_snat.sh";
-    public static final String VPC_STATIC_NAT = "vpc_staticnat.sh";
     public static final String VPC_STATIC_ROUTE = "vpc_staticroute.sh";
     public static final String VPN_L2TP = "vpn_l2tp.sh";
     public static final String UPDATE_HOST_PASSWD = "update_host_passwd.sh";
 
     public static final String VR_CFG = "vr_cfg.sh";
 
-}
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6477bd8f/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java
----------------------------------------------------------------------
diff --git a/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java b/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java
index 5942a17..c4e134b 100644
--- a/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java
+++ b/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java
@@ -24,8 +24,6 @@ import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
 import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
 import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
@@ -83,9 +81,6 @@ import com.cloud.network.vpc.NetworkACLItem.TrafficType;
 import com.cloud.network.vpc.VpcGateway;
 import com.cloud.utils.ExecutionResult;
 import com.cloud.utils.net.NetUtils;
-import com.google.common.base.Function;
-import com.google.common.base.Predicate;
-import com.google.common.collect.Collections2;
 
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(loader = AnnotationConfigContextLoader.class)
@@ -154,18 +149,14 @@ public class VirtualRoutingResourceTest implements VirtualRouterDeployer {
 
     private void verifyFile(final NetworkElementCommand cmd, final String path, final String filename, final String content) {
         if (cmd instanceof AggregationControlCommand) {
-            verifyFile((AggregationControlCommand)cmd, path, filename, content);
+            verifyFile(cmd, path, filename, content);
         } else if (cmd instanceof LoadBalancerConfigCommand) {
             verifyFile((LoadBalancerConfigCommand)cmd, path, filename, content);
         }
     }
 
     protected void verifyCommand(final NetworkElementCommand cmd, final String script, final String args) {
-        if (cmd instanceof SetPortForwardingRulesVpcCommand) {
-            verifyArgs((SetPortForwardingRulesVpcCommand) cmd, script, args);
-        } else if (cmd instanceof SetPortForwardingRulesCommand) {
-            verifyArgs((SetPortForwardingRulesCommand) cmd, script, args);
-        } else if (cmd instanceof SetStaticRouteCommand) {
+        if (cmd instanceof SetStaticRouteCommand) {
             verifyArgs((SetStaticRouteCommand) cmd, script, args);
         } else if (cmd instanceof SetStaticNatRulesCommand) {
             verifyArgs((SetStaticNatRulesCommand) cmd, script, args);
@@ -175,18 +166,10 @@ public class VirtualRoutingResourceTest implements VirtualRouterDeployer {
             verifyArgs((SavePasswordCommand)cmd, script, args);
         } else if (cmd instanceof DhcpEntryCommand) {
             verifyArgs((DhcpEntryCommand)cmd, script, args);
-        } else if (cmd instanceof CreateIpAliasCommand) {
-            verifyArgs((CreateIpAliasCommand)cmd, script, args);
         } else if (cmd instanceof DnsMasqConfigCommand) {
             verifyArgs((DnsMasqConfigCommand)cmd, script, args);
-        } else if (cmd instanceof DeleteIpAliasCommand) {
-            verifyArgs((DeleteIpAliasCommand)cmd, script, args);
         } else if (cmd instanceof VmDataCommand) {
             verifyArgs((VmDataCommand)cmd, script, args);
-        } else if (cmd instanceof SetFirewallRulesCommand) {
-            verifyArgs((SetFirewallRulesCommand)cmd, script, args);
-        } else if (cmd instanceof BumpUpPriorityCommand) {
-            verifyArgs((BumpUpPriorityCommand)cmd, script, args);
         } else if (cmd instanceof RemoteAccessVpnCfgCommand) {
             verifyArgs((RemoteAccessVpnCfgCommand)cmd, script, args);
         } else if (cmd instanceof VpnUsersCfgCommand) {
@@ -229,11 +212,6 @@ public class VirtualRoutingResourceTest implements VirtualRouterDeployer {
         assertTrue(answer.getResult());
     }
 
-    private void verifyArgs(final BumpUpPriorityCommand cmd, final String script, final String args) {
-        assertEquals(script, VRScripts.RVR_BUMPUP_PRI);
-        assertEquals(args, null);
-    }
-
     @Test
     public void testSetPortForwardingRulesVpcCommand() {
         final SetPortForwardingRulesVpcCommand cmd = generateSetPortForwardingRulesVpcCommand();
@@ -257,21 +235,6 @@ public class VirtualRoutingResourceTest implements VirtualRouterDeployer {
         return cmd;
     }
 
-    private void verifyArgs(final SetPortForwardingRulesVpcCommand cmd, final String script, final String args) {
-        assertTrue(script.equals(VRScripts.VPC_PORTFORWARDING));
-        _count ++;
-        switch (_count) {
-        case 1:
-            assertEquals(args, "-A -P tcp -l 64.1.1.10 -p 22:80 -r 10.10.1.10 -d 22-80");
-            break;
-        case 2:
-            assertEquals(args, "-D -P udp -l 64.1.1.11 -p 8080:8080 -r 10.10.1.11 -d 8080-8080");
-            break;
-        default:
-            fail("Failed to recongize the match!");
-        }
-    }
-
     @Test
     public void testSetPortForwardingRulesCommand() {
         final SetPortForwardingRulesCommand cmd = generateSetPortForwardingRulesCommand();
@@ -294,21 +257,6 @@ public class VirtualRoutingResourceTest implements VirtualRouterDeployer {
         return cmd;
     }
 
-    private void verifyArgs(final SetPortForwardingRulesCommand cmd, final String script, final String args) {
-        assertTrue(script.equals(VRScripts.FIREWALL_NAT));
-        _count ++;
-        switch (_count) {
-        case 1:
-            assertEquals(args, "-A -P tcp -l 64.1.1.10 -p 22:80 -r 10.10.1.10 -d 22:80");
-            break;
-        case 2:
-            assertEquals(args, "-D -P udp -l 64.1.1.11 -p 8080:8080 -r 10.10.1.11 -d 8080:8080");
-            break;
-        default:
-            fail("Failed to recongize the match!");
-        }
-    }
-
     @Test
     public void testIpAssocCommand() {
         final IpAssocCommand cmd = generateIpAssocCommand();
@@ -383,22 +331,6 @@ public class VirtualRoutingResourceTest implements VirtualRouterDeployer {
                 assertEquals(VRScripts.UPDATE_CONFIG, script);
                 assertEquals(VRScripts.IP_ASSOCIATION_CONFIG, args);
                 break;
-            case 2:
-                assertEquals(script, VRScripts.VPC_PRIVATEGW);
-                assertEquals(args, " -A  -l 64.1.1.10 -c eth2");
-                break;
-            case 3:
-                assertEquals(script, VRScripts.VPC_IPASSOC);
-                assertEquals(args, " -D  -l 64.1.1.11 -c eth2 -g 64.1.1.1 -m 24 -n 64.1.1.0");
-                break;
-            case 4:
-                assertEquals(script, VRScripts.VPC_PRIVATEGW);
-                assertEquals(args, " -D  -l 64.1.1.11 -c eth2");
-                break;
-            case 5:
-                assertEquals(script, VRScripts.VPC_IPASSOC);
-                assertEquals(args, " -A  -l 65.1.1.11 -c eth2 -g 65.1.1.1 -m 24 -n 65.1.1.0");
-                break;
             default:
                 fail("Failed to recongize the match!");
             }
@@ -676,17 +608,6 @@ public class VirtualRoutingResourceTest implements VirtualRouterDeployer {
         return cmd;
     }
 
-    private void verifyArgs(final SetFirewallRulesCommand cmd, final String script, final String args) {
-        assertEquals(script, VRScripts.FIREWALL_INGRESS);
-
-        //Since the arguments are generated with a Set
-        //one can not make a bet on the order
-        assertTrue(args.startsWith(" -F -a "));
-        assertTrue(args.contains("64.10.10.10:ICMP:0:0:10.10.1.1/24-10.10.1.2/24:"));
-        assertTrue(args.contains("64.10.10.10:reverted:0:0:0:"));
-        assertTrue(args.contains("64.10.10.10:TCP:22:80:10.10.1.1/24-10.10.1.2/24:"));
-    }
-
     @Test
     public void testVmDataCommand() {
         final Answer answer = _resource.executeRequest(generateVmDataCommand());
@@ -804,11 +725,6 @@ public class VirtualRoutingResourceTest implements VirtualRouterDeployer {
         return cmd;
     }
 
-    private void verifyArgs(final CreateIpAliasCommand cmd, final String script, final String args) {
-        assertEquals(script, VRScripts.IPALIAS_CREATE);
-        assertEquals(args, "1:169.254.3.10:255.255.255.0-2:169.254.3.11:255.255.255.0-3:169.254.3.12:255.255.255.0-");
-    }
-
     @Test
     public void testDeleteIpAliasCommand() {
         final Answer answer = _resource.executeRequest(generateDeleteIpAliasCommand());
@@ -825,11 +741,6 @@ public class VirtualRoutingResourceTest implements VirtualRouterDeployer {
         return cmd;
     }
 
-    private void verifyArgs(final DeleteIpAliasCommand cmd, final String script, final String args) {
-        assertEquals(script, VRScripts.IPALIAS_DELETE);
-        assertEquals(args, "1:169.254.3.10:255.255.255.0-2:169.254.3.11:255.255.255.0-3:169.254.3.12:255.255.255.0-- 1:169.254.3.10:255.255.255.0-2:169.254.3.11:255.255.255.0-3:169.254.3.12:255.255.255.0-");
-    }
-
     @Test
     public void testDnsMasqConfigCommand() {
         final Answer answer = _resource.executeRequest(generateDnsMasqConfigCommand());
@@ -951,10 +862,6 @@ public class VirtualRoutingResourceTest implements VirtualRouterDeployer {
             assertEquals(script, VRScripts.LB);
             assertEquals(args, " -i 10.1.10.2 -f " + _file + " -a 64.10.1.10:80:, -s 10.1.10.2:8081:0/0:,,");
             break;
-        case 4:
-            assertEquals(script, VRScripts.VPC_LB);
-            assertEquals(args, " -i 10.1.10.2 -f " + _file + " -a 64.10.1.10:80:, -s 10.1.10.2:8081:0/0:,,");
-            break;
         default:
             fail();
         }
@@ -1009,122 +916,4 @@ public class VirtualRoutingResourceTest implements VirtualRouterDeployer {
         assertTrue(args.startsWith("-c /var/cache/cloud/VR-"));
         assertTrue(args.endsWith(".cfg"));
     }
-
-    protected void verifyFile(final AggregationControlCommand cmd, final String path, final String filename, final String content) {
-        assertEquals(path, "/var/cache/cloud/");
-        assertTrue(filename.startsWith("VR-"));
-        assertTrue(filename.endsWith(".cfg"));
-        final Collection<String> filteredScripts = Collections2.transform(Collections2.filter (
-                Arrays.asList(content.split("</?script>")), new Predicate<String>() {
-
-                    @Override
-                    public boolean apply(final String str) {
-                        return str.trim().startsWith("/opt/cloud");
-                    }
-                }), new Function<String, String>() {
-
-            @Override
-            public String apply(final String str) {
-                return str.trim();
-            }
-        });
-        final String[] scripts = filteredScripts.toArray(new String[filteredScripts
-                                                                    .size()]);
-
-        assertEquals(
-                "/opt/cloud/bin/ipassoc.sh -A -s -f -l 64.1.1.10/24 -c eth2 -g 64.1.1.1",
-                scripts[0]);
-
-        assertEquals(
-                "/opt/cloud/bin/ipassoc.sh -D -l 64.1.1.11/24 -c eth2 -g 64.1.1.1",
-                scripts[1]);
-
-        assertEquals(
-                "/opt/cloud/bin/ipassoc.sh -A -l 65.1.1.11/24 -c eth2 -g 65.1.1.1",
-                scripts[2]);
-        assertEquals(
-                "/opt/cloud/bin/vpc_ipassoc.sh  -A  -l 64.1.1.10 -c eth2 -g 64.1.1.1 -m 24 -n 64.1.1.0",
-                scripts[3]);
-        assertEquals(
-                "/opt/cloud/bin/vpc_privateGateway.sh  -A  -l 64.1.1.10 -c eth2",
-                scripts[4]);
-        assertEquals(
-                "/opt/cloud/bin/vpc_ipassoc.sh  -D  -l 64.1.1.11 -c eth2 -g 64.1.1.1 -m 24 -n 64.1.1.0",
-                scripts[5]);
-        assertEquals(
-                "/opt/cloud/bin/vpc_privateGateway.sh  -D  -l 64.1.1.11 -c eth2",
-                scripts[6]);
-        assertEquals(
-                "/opt/cloud/bin/vpc_ipassoc.sh  -A  -l 65.1.1.11 -c eth2 -g 65.1.1.1 -m 24 -n 65.1.1.0",
-                scripts[7]);
-        //the list generated by SetFirewallCmd is actually generated through a Set
-        //therefore we can not bet on the order of the parameters
-        assertTrue(
-                scripts[8].matches("/opt/cloud/bin/firewall_ingress.sh  -F -a .*"));
-        assertTrue(
-                scripts[8].contains("64.10.10.10:ICMP:0:0:10.10.1.1/24-10.10.1.2/24:"));
-        assertTrue(
-                scripts[8].contains("64.10.10.10:TCP:22:80:10.10.1.1/24-10.10.1.2/24:"));
-        assertTrue(
-                scripts[8].contains("64.10.10.10:reverted:0:0:0:"));
-
-        assertEquals(
-                "/opt/cloud/bin/firewall_nat.sh -A -P tcp -l 64.1.1.10 -p 22:80 -r 10.10.1.10 -d 22:80",
-                scripts[9]);
-        assertEquals(
-                "/opt/cloud/bin/firewall_nat.sh -D -P udp -l 64.1.1.11 -p 8080:8080 -r 10.10.1.11 -d 8080:8080",
-                scripts[10]);
-        assertEquals(
-                "/opt/cloud/bin/vpc_portforwarding.sh -A -P tcp -l 64.1.1.10 -p 22:80 -r 10.10.1.10 -d 22-80",
-                scripts[11]);
-        assertEquals(
-                "/opt/cloud/bin/vpc_portforwarding.sh -D -P udp -l 64.1.1.11 -p 8080:8080 -r 10.10.1.11 -d 8080-8080",
-                scripts[12]);
-        assertEquals(
-                "/opt/cloud/bin/createIpAlias.sh 1:169.254.3.10:255.255.255.0-2:169.254.3.11:255.255.255.0-3:169.254.3.12:255.255.255.0-",
-                scripts[13]);
-        assertEquals(
-                "/opt/cloud/bin/deleteIpAlias.sh 1:169.254.3.10:255.255.255.0-2:169.254.3.11:255.255.255.0-3:169.254.3.12:255.255.255.0-- 1:169.254.3.10:255.255.255.0-2:169.254.3.11:255.255.255.0-3:169.254.3.12:255.255.255.0-",
-                scripts[14]);
-        assertEquals(
-                "/opt/cloud/bin/dnsmasq.sh 10.1.20.2:10.1.20.1:255.255.255.0:10.1.20.5-10.1.21.2:10.1.21.1:255.255.255.0:10.1.21.5-",
-                scripts[15]);
-        assertEquals(
-                "/opt/cloud/bin/vpn_l2tp.sh -r 10.10.1.10-10.10.1.20 -p sharedkey -s 124.10.10.10 -l 10.10.1.1 -c  -C 10.1.1.1/24 -i eth2",
-                scripts[16]);
-        assertEquals(
-                "/opt/cloud/bin/vpn_l2tp.sh -d  -s 124.10.10.10 -C 10.1.1.1/24 -i eth2",
-                scripts[17]);
-        assertEquals(
-                "/opt/cloud/bin/vpn_l2tp.sh -r 10.10.1.10-10.10.1.20 -p sharedkey -s 124.10.10.10 -l 10.10.1.1 -c  -C 10.1.1.1/24 -i eth1",
-                scripts[18]);
-        assertEquals(
-                "/opt/cloud/bin/firewall_nat.sh -A -P tcp -l 64.1.1.10 -p 22:80 -r 10.10.1.10 -d 22:80",
-                scripts[19]);
-        assertEquals(
-                "/opt/cloud/bin/firewall_nat.sh -D -P udp -l 64.1.1.11 -p 8080:8080 -r 10.10.1.11 -d 8080:8080",
-                scripts[20]);
-        assertEquals(
-                "/opt/cloud/bin/vpc_portforwarding.sh -A -P tcp -l 64.1.1.10 -p 22:80 -r 10.10.1.10 -d 22-80",
-                scripts[21]);
-        assertEquals(
-                "/opt/cloud/bin/vpc_portforwarding.sh -D -P udp -l 64.1.1.11 -p 8080:8080 -r 10.10.1.11 -d 8080-8080",
-                scripts[22]);
-        assertEquals(
-                "/opt/cloud/bin/edithosts.sh  -m 12:34:56:78:90:AB -4 10.1.10.2 -h vm1",
-                scripts[23]);
-        assertEquals(
-                "/opt/cloud/bin/edithosts.sh  -m 12:34:56:78:90:AB -h vm1 -6 2001:db8:0:0:0:ff00:42:8329 -u 00:03:00:01:12:34:56:78:90:AB",
-                scripts[24]);
-        assertEquals(
-                "/opt/cloud/bin/edithosts.sh  -m 12:34:56:78:90:AB -4 10.1.10.2 -h vm1 -6 2001:db8:0:0:0:ff00:42:8329 -u 00:03:00:01:12:34:56:78:90:AB",
-                scripts[25]);
-        assertEquals("/opt/cloud/bin/savepassword.sh -v 10.1.10.4 -p 123pass",
-                scripts[26]);
-        assertEquals(
-                "/opt/cloud/bin/vmdata.py -d eyIxMC4xLjEwLjQiOltbInVzZXJkYXRhIiwidXNlci1kYXRhIiwidXNlci1kYXRhIl0sWyJtZXRhZGF0YSIsInNlcnZpY2Utb2ZmZXJpbmciLCJzZXJ2aWNlT2ZmZXJpbmciXSxbIm1ldGFkYXRhIiwiYXZhaWxhYmlsaXR5LXpvbmUiLCJ6b25lTmFtZSJdLFsibWV0YWRhdGEiLCJsb2NhbC1pcHY0IiwiMTAuMS4xMC40Il0sWyJtZXRhZGF0YSIsImxvY2FsLWhvc3RuYW1lIiwidGVzdC12bSJdLFsibWV0YWRhdGEiLCJwdWJsaWMtaXB2NCIsIjExMC4xLjEwLjQiXSxbIm1ldGFkYXRhIiwicHVibGljLWhvc3RuYW1lIiwiaG9zdG5hbWUiXSxbIm1ldGFkYXRhIiwiaW5zdGFuY2UtaWQiLCJpLTQtVk0iXSxbIm1ldGFkYXRhIiwidm0taWQiLCI0Il0sWyJtZXRhZGF0YSIsInB1YmxpYy1rZXlzIiwicHVibGlja2V5Il0sWyJtZXRhZGF0YSIsImNsb3VkLWlkZW50aWZpZXIiLCJDbG91ZFN0YWNrLXt0ZXN0fSJdXX0=",
-                scripts[27]);
-    }
-
-}
-
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6477bd8f/systemvm/patches/debian/config/opt/cloud/bin/createIpAlias.sh
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/createIpAlias.sh b/systemvm/patches/debian/config/opt/cloud/bin/createIpAlias.sh
deleted file mode 100755
index 160bc5e..0000000
--- a/systemvm/patches/debian/config/opt/cloud/bin/createIpAlias.sh
+++ /dev/null
@@ -1,129 +0,0 @@
-#!/usr/bin/env bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-usage() {
-  printf " %s   <alias_count:ip:netmask;alias_count2:ip2:netmask2;....> \n" $(basename $0) >&2
-}
-source /root/func.sh
-
-lock="biglock"
-locked=$(getLockFile $lock)
-if [ "$locked" != "1" ]
-then
-    exit 1
-fi
-
-PORTS_CONF=/etc/apache2/ports.conf
-PORTS_CONF_BAK=/etc/ports.conf.bak
-FAIL_DIR=/etc/failure_config
-CMDLINE=$(cat /var/cache/cloud/cmdline | tr '\n' ' ')
-
-if [ ! -d "$FAIL_DIR" ]
-  then
-      mkdir "$FAIL_DIR"
-fi
-#bakup ports.conf
-cp "$PORTS_CONF" "$PORTS_CONF_BAK"
-
-domain=$(echo "$CMDLINE" | grep -o " domain=.* " | sed -e 's/domain=//' | awk '{print $1}')
-
-setup_apache2() {
-  local ip=$1
-  logger -t cloud "Setting up apache web server for $ip"
-  cp /etc/apache2/sites-available/default  /etc/apache2/sites-available/ipAlias.${ip}.meta-data
-  cp /etc/apache2/sites-available/default-ssl  /etc/apache2/sites-available/ipAlias.${ip}-ssl.meta-data
-  cp /etc/apache2/ports.conf /etc/apache2/conf.d/ports.${ip}.meta-data.conf
-  sed -i -e "s/<VirtualHost.*>/<VirtualHost $ip:80>\nServerName $domain/" /etc/apache2/sites-available/ipAlias.${ip}.meta-data
-  sed -i -e "s/<VirtualHost.*>/<VirtualHost $ip:443>\nServerName $domain/" /etc/apache2/sites-available/ipAlias.${ip}-ssl.meta-data
-  sed -i -e "/NameVirtualHost .*:80/d" /etc/apache2/conf.d/ports.${ip}.meta-data.conf
-  sed -i -e "s/Listen .*:80/Listen $ip:80/g" /etc/apache2/conf.d/ports.${ip}.meta-data.conf
-  sed -i -e "s/Listen .*:443/Listen $ip:443/g" /etc/apache2/conf.d/ports.${ip}.meta-data.conf
-  ln -s /etc/apache2/sites-available/ipAlias.${ip}.meta-data /etc/apache2/sites-enabled/ipAlias.${ip}.meta-data
-  ln -s /etc/apache2/sites-available/ipAlias.${ip}-ssl.meta-data /etc/apache2/sites-enabled/ipAlias.${ip}-ssl.meta-data
-}
-
-var="$1"
-cert="/root/.ssh/id_rsa.cloud"
-config_ips=""
-setDnsRules=0
-
-while [ -n "$var" ]
-do
- var1=$(echo $var | cut -f1 -d "-")
- alias_count=$( echo $var1 | cut -f1 -d ":" )
- routerip=$(echo $var1 | cut -f2 -d ":")
- netmask=$(echo $var1 | cut -f3 -d ":")
- ifconfig eth0:$alias_count $routerip netmask $netmask up
- setup_apache2 "$routerip"
- config_ips="${config_ips}"$routerip":"
- var=$( echo $var | sed "s/${var1}-//" )
- setDnsRules=1
-done
-
-#restarting the apache server for the config to take effect.
-service apache2 restart
-result=$?
-if [ "$result" -ne "0" ]
-then
-   logger -t cloud "createIpAlias.sh: could not configure apache2 server"
-   logger -t cloud "createIpAlias.sh: reverting to the old config"
-   logger -t cloud "createIpAlias.sh: moving out the failure config to $FAIL_DIR"
-   while [ -n "$config_ips" ]
-   do
-      ip=$( echo $config_ips | cut -f1 -d ":" )
-      mv  "/etc/apache2/sites-available/ipAlias.${ip}.meta-data" "$FAIL_DIR/ipAlias.${ip}.meta-data"
-      mv  "/etc/apache2/sites-available/ipAlias.${ip}-ssl.meta-data" "$FAIL_DIR/ipAlias.${ip}-ssl.meta-data"
-      mv  "/etc/apache2/conf.d/ports.${ip}.meta-data.conf"       "$FAIL_DIR/ports.${ip}.meta-data.conf"
-      rm -f "/etc/apache2/sites-enabled/ipAlias.${ip}.meta-data"
-      rm -f "/etc/apache2/sites-enabled/ipAlias.${ip}-ssl.meta-data"
-      config_ips=$( echo $config_ips | sed "s/${ip}://" )
-   done
-   service apache2 restart
-   unlock_exit $result $lock $locked
-fi
-
-if [ "$setDnsRules" -eq 1 ]
-then
-    //check wether chain exist
-    iptables-save -t filter | grep 'dnsIpAlias_allow'
-
-    if [ $? -eq  0 ]
-    then
-      iptables -F dnsIpAlias_allow
-    else
-        //if not exist create it
-        iptables -N dnsIpAlias_allow
-        iptables -A INPUT -i eth0 -p tcp --dport 53 -j dnsIpAlias_allow
-        iptables -A INPUT -i eth0 -p udp --dport 53 -j dnsIpAlias_allow
-    fi
-
-    for cidr in $(ip addr | grep eth0 | grep inet | awk '{print $2}');
-    do
-        iptables -A dnsIpAlias_allow  -i eth0 -p tcp --dport 53 -s $cidr -j ACCEPT
-        iptables -A dnsIpAlias_allow  -i eth0 -p udp --dport 53 -s $cidr -j ACCEPT
-    done
-else
-        iptables -D INPUT -i eth0 -p tcp --dport 53 -j dnsIpAlias_allow
-        iptables -D INPUT -i eth0 -p udp --dport 53 -j dnsIpAlias_allow
-        iptables -X dnsIpAlias_allow
-fi
-
-
-#restaring the password service to enable it on the ip aliases
-/etc/init.d/cloud-passwd-srvr restart
-unlock_exit $? $lock $locked
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6477bd8f/systemvm/patches/debian/config/opt/cloud/bin/deleteIpAlias.sh
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/deleteIpAlias.sh b/systemvm/patches/debian/config/opt/cloud/bin/deleteIpAlias.sh
deleted file mode 100755
index 5c07028..0000000
--- a/systemvm/patches/debian/config/opt/cloud/bin/deleteIpAlias.sh
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/usr/bin/env bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-usage() {
-  printf " %s   <alias_count:ip:netmask;alias_count2:ip2:netmask2;....> \n" $(basename $0) >&2
-}
-
-source /root/func.sh
-lock="biglock"
-locked=$(getLockFile $lock)
-if [ "$locked" != "1" ]
-then
-    exit 1
-fi
-
-remove_apache_config() {
-local ip=$1
- logger -t cloud "removing apache web server config for $ip"
- rm -f "/etc/apache2/sites-available/ipAlias.${ip}.meta-data"
- rm -f "/etc/apache2/sites-available/ipAlias.${ip}-ssl.meta-data"
- rm -f "/etc/apache2/conf.d/ports.${ip}.meta-data.conf"
- rm -f "/etc/apache2/sites-enabled/ipAlias.${ip}-ssl.meta-data"
- rm -f "/etc/apache2/sites-enabled/ipAlias.${ip}.meta-data"
-}
-
-var="$1"
-cert="/root/.ssh/id_rsa.cloud"
-
-while [[ !( "$var" == "-" ) ]]
-do
- var1=$(echo $var | cut -f1 -d "-")
- alias_count=$( echo $var1 | cut -f1 -d ":" )
- routerip=$( echo $var1 | cut -f2 -d ":" )
- ifconfig eth0:$alias_count  down
- remove_apache_config "$routerip"
- var=$( echo $var | sed "s/${var1}-//" )
-done
-#restarting the apache server for the config to take effect.
-service apache2 restart
-
-releaseLockFile $lock $locked
-
-iptables -F dnsIpAlias_allow
-
-#recreating the active ip aliases
-/opt/cloud/bin/createIpAlias.sh $2
-unlock_exit $? $lock $locked
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6477bd8f/systemvm/patches/debian/config/opt/cloud/bin/firewall_egress.sh
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/firewall_egress.sh b/systemvm/patches/debian/config/opt/cloud/bin/firewall_egress.sh
deleted file mode 100755
index 6eb0531..0000000
--- a/systemvm/patches/debian/config/opt/cloud/bin/firewall_egress.sh
+++ /dev/null
@@ -1,188 +0,0 @@
-#!/usr/bin/env bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-# $Id: firewallRule_egress.sh 9947 2013-01-17 19:34:24Z manuel $ $HeadURL: svn://svn.lab.vmops.com/repos/vmdev/java/patches/xenserver/root/firewallRule_egress.sh $
-# firewallRule_egress.sh -- allow some ports / protocols from vm instances
-# @VERSION@
-
-source /root/func.sh
-
-lock="biglock"
-locked=$(getLockFile $lock)
-if [ "$locked" != "1" ]
-then
-    exit 1
-fi
-#set -x
-usage() {
-  printf "Usage: %s:  -a protocol:startport:endport:sourcecidrs>  \n" $(basename $0) >&2
-  printf "sourcecidrs format:  cidr1-cidr2-cidr3-...\n"
-}
-
-fw_egress_remove_backup() {
-  # remove backup rules, ignore errors as they could not be present
-  sudo iptables -D FW_OUTBOUND -j _FW_EGRESS_RULES >/dev/null 2>&1
-  sudo iptables -F _FW_EGRESS_RULES >/dev/null 2>&1
-  sudo iptables -X _FW_EGRESS_RULES >/dev/null 2>&1
-}
-
-fw_egress_save() {
-  sudo iptables -E FW_EGRESS_RULES _FW_EGRESS_RULES 
-}
-
-fw_egress_chain () {
-#supress errors 2>/dev/null
-  fw_egress_remove_backup
-  fw_egress_save
-  sudo iptables -N FW_EGRESS_RULES 
-  sudo iptables -A FW_OUTBOUND -j FW_EGRESS_RULES
-}
-
-fw_egress_backup_restore() {
-   sudo iptables -A FW_OUTBOUND -j FW_EGRESS_RULES
-   sudo iptables -E _FW_EGRESS_RULES FW_EGRESS_RULES 
-   fw_egress_remove_backup
-}
-
-
-fw_entry_for_egress() {
-  local rule=$1
-
-  local prot=$(echo $rule | cut -d: -f2)
-  local sport=$(echo $rule | cut -d: -f3)
-  local eport=$(echo $rule | cut -d: -f4)
-  local cidrs=$(echo $rule | cut -d: -f5 | sed 's/-/ /g')
-  if [ "$sport" == "0" -a "$eport" == "0" ]
-  then
-      DPORT=""
-  else
-      DPORT="--dport $sport:$eport"
-  fi
-  logger -t cloud "$(basename $0): enter apply fw egress rules for guest $prot:$sport:$eport:$cidrs"  
-  
-  for lcidr in $cidrs
-  do
-    [ "$prot" == "reverted" ] && continue;
-    if [ "$prot" == "icmp" ]
-    then
-      typecode="$sport/$eport"
-      [ "$eport" == "-1" ] && typecode="$sport"
-      [ "$sport" == "-1" ] && typecode="any"
-      sudo iptables -A FW_EGRESS_RULES -p $prot -s $lcidr --icmp-type $typecode \
-                     -j $target
-      result=$?
-    elif [ "$prot" == "all" ]
-    then
-	    sudo iptables -A FW_EGRESS_RULES -p $prot -s $lcidr -j $target
-	    result=$?
-    else
-	    sudo iptables -A FW_EGRESS_RULES -p $prot -s $lcidr  $DPORT -j $target
-	    result=$?
-    fi
-  
-    [ $result -gt 0 ] && 
-       logger -t cloud "Error adding iptables entry for guest network $prot:$sport:$eport:$cidrs" &&
-       break
-  done
-
-  logger -t cloud "$(basename $0): exit apply egress firewall rules for guest network"  
-  return $result
-}
-
-
-aflag=0
-rules=""
-rules_list=""
-ip=""
-dev=""
-pflag=0
-shift
-shift
-while getopts 'a:P:' OPTION
-do
-  case $OPTION in
-  a)	aflag=1
-		rules="$OPTARG"
-		;;
-  P)   pflag=1
-       pvalue="$OPTARG"
-       ;;
-  ?)	usage
-                unlock_exit 2 $lock $locked
-		;;
-  esac
-done
-
-if [ "$aflag" != "1" ]
-then
-  usage
-  unlock_exit 2 $lock $locked
-fi
-
-if [ -n "$rules" ]
-then
-  rules_list=$(echo $rules | cut -d, -f1- --output-delimiter=" ")
-fi
-
-# rule format
-# protocal:sport:eport:cidr
-#-a tcp:80:80:0.0.0.0/0::tcp:220:220:0.0.0.0/0:,tcp:222:222:192.168.10.0/24-75.57.23.0/22-88.100.33.1/32
-#    if any entry is reverted , entry will be in the format reverted:0:0:0
-# example : tcp:80:80:0.0.0.0/0:, tcp:220:220:0.0.0.0/0:,200.1.1.2:reverted:0:0:0 
-
-success=0
-
-if [ "$pvalue" == "1" -o "$pvalue" == "2" ]
-  then
-     target="DROP"
-  else
-     target="ACCEPT"
-  fi
-
-fw_egress_chain
-for r in $rules_list
-do
-  fw_entry_for_egress $r
-  success=$?
-  if [ $success -gt 0 ]
-  then
-    logger -t cloud "failure to apply fw egress rules "
-    break
-  else
-    logger -t cloud "successful in applying fw egress rules"
-  fi
-done
-
-if [ $success -gt 0 ]
-then
-  logger -t cloud "restoring from backup for guest network"
-  fw_egress_backup_restore
-else
-  logger -t cloud "deleting backup for guest network"
-    if [ "$pvalue" == "1" ]
-       then
-       #Adding default policy rule
-       sudo iptables -A FW_EGRESS_RULES  -j ACCEPT
-    fi
-
-fi
-
-fw_egress_remove_backup
-
-unlock_exit $success $lock $locked
-
-

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6477bd8f/systemvm/patches/debian/config/opt/cloud/bin/firewall_ingress.sh
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/firewall_ingress.sh b/systemvm/patches/debian/config/opt/cloud/bin/firewall_ingress.sh
deleted file mode 100755
index 9e459f0..0000000
--- a/systemvm/patches/debian/config/opt/cloud/bin/firewall_ingress.sh
+++ /dev/null
@@ -1,202 +0,0 @@
-#!/usr/bin/env bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-# firewall_rule.sh -- allow some ports / protocols to vm instances
-# @VERSION@
-
-source /root/func.sh
-
-lock="biglock"
-locked=$(getLockFile $lock)
-if [ "$locked" != "1" ]
-then
-    exit 1
-fi
-
-usage() {
-  printf "Usage: %s:  -a <public ip address:protocol:startport:endport:sourcecidrs>  \n" $(basename $0) >&2
-  printf "sourcecidrs format:  cidr1-cidr2-cidr3-...\n"
-}
-#set -x
-#FIXME: eating up the error code during execution of iptables
-fw_remove_backup() {
-  local pubIp=$1
-  sudo iptables -t mangle -F _FIREWALL_$pubIp 2> /dev/null
-  sudo iptables -t mangle -D PREROUTING  -d $pubIp -j _FIREWALL_$pubIp  2> /dev/null
-  sudo iptables -t mangle -X _FIREWALL_$pubIp 2> /dev/null
-}
-
-fw_restore() {
-  local pubIp=$1
-  sudo iptables -t mangle -F FIREWALL_$pubIp 2> /dev/null
-  sudo iptables -t mangle -D PREROUTING  -d $pubIp  -j FIREWALL_$pubIp  2> /dev/null
-  sudo iptables -t mangle -X FIREWALL_$pubIp 2> /dev/null
-  sudo iptables -t mangle -E _FIREWALL_$pubIp FIREWALL_$pubIp 2> /dev/null
-}
-
-fw_chain_for_ip () {
-  local pubIp=$1
-  fw_remove_backup $1
-  sudo iptables -t mangle -E FIREWALL_$pubIp _FIREWALL_$pubIp 2> /dev/null
-  sudo iptables -t mangle -N FIREWALL_$pubIp 2> /dev/null
-  # drop if no rules match (this will be the last rule in the chain)
-  sudo iptables -t mangle -A FIREWALL_$pubIp -j DROP> /dev/null
-  # ensure outgoing connections are maintained (first rule in chain)
-  sudo iptables -t mangle -I FIREWALL_$pubIp -m state --state RELATED,ESTABLISHED -j ACCEPT> /dev/null
-  #ensure that this table is after VPN chain
-  sudo iptables -t mangle -I PREROUTING 2 -d $pubIp -j FIREWALL_$pubIp
-  success=$?
-  if [ $success -gt 0 ]
-  then
-  # if VPN chain is not present for various reasons, try to add in to the first slot */
-     sudo iptables -t mangle -I PREROUTING -d $pubIp -j FIREWALL_$pubIp
-  fi
-}
-
-fw_entry_for_public_ip() {
-  local rules=$1
-
-  local pubIp=$(echo $rules | cut -d: -f1)
-  local prot=$(echo $rules | cut -d: -f2)
-  local sport=$(echo $rules | cut -d: -f3)    
-  local eport=$(echo $rules | cut -d: -f4)    
-  local scidrs=$(echo $rules | cut -d: -f5 | sed 's/-/ /g')
-  
-  logger -t cloud "$(basename $0): enter apply firewall rules for public ip $pubIp:$prot:$sport:$eport:$scidrs"  
-
-
-  # note that rules are inserted after the RELATED,ESTABLISHED rule 
-  # but before the DROP rule
-  for src in $scidrs
-  do
-    [ "$prot" == "reverted" ] && continue;
-    if [ "$prot" == "icmp" ]
-    then
-      typecode="$sport/$eport"
-      [ "$eport" == "-1" ] && typecode="$sport"
-      [ "$sport" == "-1" ] && typecode="any"
-      sudo iptables -t mangle -I FIREWALL_$pubIp 2 -s $src -p $prot \
-                    --icmp-type $typecode  -j RETURN
-    else
-       sudo iptables -t mangle -I FIREWALL_$pubIp 2 -s $src -p $prot \
-                    --dport $sport:$eport -j RETURN
-    fi
-    result=$?
-    [ $result -gt 0 ] && 
-       logger -t cloud "Error adding iptables entry for $pubIp:$prot:$sport:$eport:$src" &&
-       break
-  done
-      
-  logger -t cloud "$(basename $0): exit apply firewall rules for public ip $pubIp"  
-  return $result
-}
-
-get_vif_list() {
-  local vif_list=""
-  for i in /sys/class/net/eth*; do 
-    vif=$(basename $i);
-    if [ "$vif" != "eth0" ] && [ "$vif" != "eth1" ]
-    then
-      vif_list="$vif_list $vif";
-    fi
-  done
-  if [ "$vif_list" == "" ]
-  then
-      vif_list="eth0"
-  fi
-  
-  logger -t cloud "FirewallRule public interfaces = $vif_list"
-  echo $vif_list
-}
-
-shift 
-rules=
-while getopts 'a:' OPTION
-do
-  case $OPTION in
-  a)	aflag=1
-		rules="$OPTARG"
-		;;
-  ?)	usage
-                unlock_exit 2 $lock $locked
-		;;
-  esac
-done
-
-VIF_LIST=$(get_vif_list)
-
-if [ "$rules" == "" ]
-then
-  rules="none"
-fi
-
-#-a 172.16.92.44:tcp:80:80:0.0.0.0/0:,172.16.92.44:tcp:220:220:0.0.0.0/0:,172.16.92.44:tcp:222:222:192.168.10.0/24-75.57.23.0/22-88.100.33.1/32
-#    if any entry is reverted , entry will be in the format <ip>:reverted:0:0:0
-# example : 172.16.92.44:tcp:80:80:0.0.0.0/0:,172.16.92.44:tcp:220:220:0.0.0.0/0:,200.1.1.2:reverted:0:0:0 
-# The reverted entries will fix the following partially 
-#FIXME: rule leak: when there are multiple ip address, there will chance that entry will be left over if the ipadress  does not appear in the current execution when compare to old one 
-# example :  In the below first transaction have 2 ip's whereas in second transaction it having one ip, so after the second trasaction 200.1.2.3 ip will have rules in mangle table.
-#  1)  -a 172.16.92.44:tcp:80:80:0.0.0.0/0:,200.16.92.44:tcp:220:220:0.0.0.0/0:,
-#  2)  -a 172.16.92.44:tcp:80:80:0.0.0.0/0:,172.16.92.44:tcp:220:220:0.0.0.0/0:,
-
-
-success=0
-publicIps=
-rules_list=$(echo $rules | cut -d, -f1- --output-delimiter=" ")
-for r in $rules_list
-do
-  pubIp=$(echo $r | cut -d: -f1)
-  publicIps="$pubIp $publicIps"
-done
-
-unique_ips=$(echo $publicIps| tr " " "\n" | sort | uniq | tr "\n" " ")
-
-for u in $unique_ips
-do
-  fw_chain_for_ip $u
-done
-
-for r in $rules_list
-do
-  pubIp=$(echo $r | cut -d: -f1)
-  fw_entry_for_public_ip $r
-  success=$?
-  if [ $success -gt 0 ]
-  then
-    logger -t cloud "$(basename $0): failure to apply fw rules for ip $pubIp"
-    break
-  else
-    logger -t cloud "$(basename $0): successful in applying fw rules for ip $pubIp"
-  fi
-done
-
-if [ $success -gt 0 ]
-then
-    for p in $unique_ips
-    do
-      logger -t cloud "$(basename $0): restoring from backup for ip: $p"
-      fw_restore $p
-    done
-fi 
-for p in $unique_ips
-do
-   logger -t cloud "$(basename $0): deleting backup for ip: $p"
-   fw_remove_backup $p
-done
-
-unlock_exit $success $lock $locked
-

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6477bd8f/systemvm/patches/debian/config/opt/cloud/bin/firewall_nat.sh
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/firewall_nat.sh b/systemvm/patches/debian/config/opt/cloud/bin/firewall_nat.sh
deleted file mode 100755
index 8c0e0fc..0000000
--- a/systemvm/patches/debian/config/opt/cloud/bin/firewall_nat.sh
+++ /dev/null
@@ -1,358 +0,0 @@
-#!/usr/bin/env bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-# $Id: firewall.sh 9947 2010-06-25 19:34:24Z manuel $ $HeadURL: svn://svn.lab.vmops.com/repos/vmdev/java/patches/xenserver/root/firewall.sh $
-# firewall.sh -- allow some ports / protocols to vm instances
-# @VERSION@
-
-source /root/func.sh
-
-lock="biglock"
-locked=$(getLockFile $lock)
-if [ "$locked" != "1" ]
-then
-    exit 1
-fi
-
-vpnoutmark="0x525"
-
-usage() {
-  printf "Usage: %s: (-A|-D)   -r <target-instance-ip> -P protocol (-p port_range | -t icmp_type_code)  -l <public ip address> -d <target port> -s <source cidrs> [-G]   \n" $(basename $0) >&2
-}
-
-#set -x
-
-get_dev_list() {
-  ip link show | grep -e eth[2-9] | awk -F ":" '{print $2}'
-  ip link show | grep -e eth1[0-9] | awk -F ":" '{print $2}'
-}
-
-ip_to_dev() {
-  local ip=$1
-
-  for dev in $DEV_LIST; do
-    ip addr show dev $dev | grep inet | grep $ip &>> /dev/null
-    [ $? -eq 0 ] && echo $dev && return 0
-  done
-  return 1
-}
-
-doHairpinNat () {
-  local vrGuestIPNetwork=$(sudo ip addr show dev eth0 | grep inet | grep eth0 | awk '{print $2}' | head -1)
-  local vrGuestIP=$(echo $vrGuestIPNetwork | awk -F'/' '{print $1}')
-
-  local publicIp=$1
-  local prot=$2
-  local port=$3
-  local guestVmIp=$4
-  local guestPort=$(echo $5 | sed 's/:/-/')
-  local op=$6
-  local destPort=$5
-  logger -t cloud "$(basename $0): create HairPin entry : public ip=$publicIp \
-  instance ip=$guestVmIp proto=$proto portRange=$guestPort op=$op"
-
-  if [ "$prot" == "all" ]
-	then
-  		logger -t cloud "creating hairpin nat rules for static nat" 
-  		(sudo iptables -t nat $op PREROUTING -d $publicIp -i eth0 -j DNAT --to-destination $guestVmIp &>> $OUTFILE || [ "$op" == "-D" ]) &&
-  		(sudo iptables -t nat $op POSTROUTING -s $vrGuestIPNetwork -d $guestVmIp -j SNAT -o eth0 --to-source $vrGuestIP &>> $OUTFILE || [ "$op" == "-D" ])
-	else
-  		(sudo iptables -t nat $op PREROUTING -d $publicIp -i eth0 -p $prot --dport $port -j DNAT --to-destination $guestVmIp:$guestPort &>> $OUTFILE || [ "$op" == "-D" ]) &&
-  		(sudo iptables -t nat $op POSTROUTING -s $vrGuestIPNetwork -p $prot --dport $destPort -d $guestVmIp -j SNAT -o eth0 --to-source $vrGuestIP &>> $OUTFILE || [ "$op" == "-D" ])
-	fi
-}
-
-#Port (address translation) forwarding for tcp or udp
-tcp_or_udp_entry() {
-  local instIp=$1
-  local dport0=$2
-  local dport=$(echo $2 | sed 's/:/-/')
-  local publicIp=$3
-  local port=$4
-  local op=$5
-  local proto=$6
-  local cidrs=$7
-
-  logger -t cloud "$(basename $0): creating port fwd entry for PAT: public ip=$publicIp \
-  instance ip=$instIp proto=$proto port=$port dport=$dport op=$op"
-
-  #if adding, this might be a duplicate, so delete the old one first
-  [ "$op" == "-A" ] && tcp_or_udp_entry $instIp $dport0 $publicIp $port "-D" $proto $cidrs
-  # the delete operation may have errored out but the only possible reason is 
-  # that the rules didn't exist in the first place
-  local dev=$(ip_to_dev $publicIp)
-  local tableNo=$(echo $dev | awk -F'eth' '{print $2}')
-  # shortcircuit the process if error and it is an append operation
-  # continue if it is delete
-  (sudo iptables -t nat $op PREROUTING --proto $proto -i $dev -d $publicIp \
-           --destination-port $port -j DNAT  \
-           --to-destination $instIp:$dport &>> $OUTFILE || [ "$op" == "-D" ]) &&
-  (sudo iptables -t mangle $op PREROUTING --proto $proto -i $dev -d $publicIp \
-           --destination-port $port -j MARK --set-mark $tableNo &>> $OUTFILE || [ "$op" == "-D" ]) && 
-  (sudo iptables -t mangle $op PREROUTING --proto $proto -i $dev -d $publicIp \
-           --destination-port $port -m state --state NEW -j CONNMARK --save-mark &>> $OUTFILE || [ "$op" == "-D" ]) &&
-  (doHairpinNat $publicIp $proto $port $instIp $dport0 $op) &&
-  (sudo iptables -t nat $op OUTPUT  --proto $proto -d $publicIp  \
-           --destination-port $port -j DNAT  \
-           --to-destination $instIp:$dport &>> $OUTFILE || [ "$op" == "-D" ]) &&
-  (sudo iptables $op FORWARD -p $proto -s $cidrs -d $instIp -m state \
-           --state ESTABLISHED,RELATED -m comment --comment "$publicIp:$port" -j ACCEPT &>>  $OUTFILE || [ "$op" == "-D" ]) &&
-  (sudo iptables $op FORWARD -p $proto -s $cidrs -d $instIp  \
-           --destination-port $dport0 -m state --state NEW -m comment --comment "$publicIp:$port" -j ACCEPT &>>  $OUTFILE)
-      
-
-  local result=$?
-  logger -t cloud "$(basename $0): done port fwd entry for PAT: public ip=$publicIp op=$op result=$result"
-  return $result
-}
-
-
-#Forward icmp
-icmp_entry() {
-  local instIp=$1
-  local icmptype=$2
-  local publicIp=$3
-  local op=$4
-  
-  logger -t cloud "$(basename $0): creating port fwd entry for PAT: public ip=$publicIp \
-  instance ip=$instIp proto=icmp port=$port dport=$dport op=$op"
-  #if adding, this might be a duplicate, so delete the old one first
-  [ "$op" == "-A" ] && icmp_entry $instIp $icmpType $publicIp "-D" 
-  # the delete operation may have errored out but the only possible reason is 
-  # that the rules didn't exist in the first place
-  local dev=$(ip_to_dev $publicIp)
-  sudo iptables -t nat $op PREROUTING --proto icmp -i $dev -d $publicIp --icmp-type $icmptype -j DNAT --to-destination $instIp &>>  $OUTFILE
-       
-  sudo iptables -t nat $op OUTPUT  --proto icmp -d $publicIp --icmp-type $icmptype -j DNAT --to-destination $instIp &>>  $OUTFILE
-  sudo iptables $op FORWARD -p icmp -s 0/0 -d $instIp --icmp-type $icmptype  -j ACCEPT &>>  $OUTFILE
-      
-  result=$?
-  logger -t cloud "$(basename $0): done port fwd entry for PAT: public ip=$publicIp op=$op result=$result"
-  return $result
-}
-
-
-
-one_to_one_fw_entry() {
-  local publicIp=$1
-  local instIp=$2  
-  local proto=$3
-  local portRange=$4 
-  local op=$5
-  logger -t cloud "$(basename $0): create firewall entry for static nat: public ip=$publicIp \
-  instance ip=$instIp proto=$proto portRange=$portRange op=$op"
-
-  #if adding, this might be a duplicate, so delete the old one first
-  [ "$op" == "-A" ] && one_to_one_fw_entry $publicIp $instIp $proto $portRange "-D" 
-  # the delete operation may have errored out but the only possible reason is 
-  # that the rules didn't exist in the first place
-
-  local dev=$(ip_to_dev $publicIp)
-  [ $? -ne 0 ] && echo "Could not find device associated with $publicIp" && return 1
-
-  # shortcircuit the process if error and it is an append operation
-  # continue if it is delete
-  (sudo iptables -t nat $op  PREROUTING -i $dev -d $publicIp --proto $proto \
-           --destination-port $portRange -j DNAT \
-           --to-destination $instIp &>>  $OUTFILE || [ "$op" == "-D" ]) &&
-  (doHairpinNat $publicIp $proto $portRange $instIp $portRange $op) &&
-  (sudo iptables $op FORWARD -i $dev -o eth0 -d $instIp --proto $proto \
-           --destination-port $portRange -m state \
-           --state NEW -j ACCEPT &>>  $OUTFILE )
-
-  result=$?
-  logger -t cloud "$(basename $0): done firewall entry public ip=$publicIp op=$op result=$result"
-  return $result
-}
-
-fw_chain_for_ip() {
-  local pubIp=$1
-  if  iptables -t mangle -N FIREWALL_$pubIp &> /dev/null
-  then
-    logger -t cloud "$(basename $0): created a firewall chain for $pubIp"
-    (sudo iptables -t mangle -A FIREWALL_$pubIp -j DROP) &&
-    (sudo iptables -t mangle -I FIREWALL_$pubIp -m state --state RELATED,ESTABLISHED -j ACCEPT ) &&
-    (sudo iptables -t mangle -I PREROUTING 2 -d $pubIp -j FIREWALL_$pubIp)
-    return $?
-  fi
-  logger -t cloud "fw chain for $pubIp already exists"
-  return 0
-}
-
-static_nat() {
-  local publicIp=$1
-  local instIp=$2  
-  local op=$3
-  local op2="-D"
-  local rulenum=
-  local proto="all"
-
-  logger -t cloud "$(basename $0): static nat: public ip=$publicIp \
-  instance ip=$instIp  op=$op"
-  
-  #TODO check error below
-  fw_chain_for_ip $publicIp
-
-  #if adding, this might be a duplicate, so delete the old one first
-  [ "$op" == "-A" ] && static_nat $publicIp $instIp  "-D" 
-  # the delete operation may have errored out but the only possible reason is 
-  # that the rules didn't exist in the first place
-  [ "$op" == "-A" ] && op2="-I"
-  if [ "$op" == "-A" ]
-  then
-    # put static nat rule one rule after VPN no-NAT rule
-    # rule chain can be used to improve it later
-    iptables-save -t nat|grep "POSTROUTING" | grep $vpnoutmark > /dev/null
-    if [ $? -eq 0 ]
-    then
-      rulenum=2
-    else
-      rulenum=1
-    fi
-  fi
-
-  local dev=$(ip_to_dev $publicIp)
-  [ $? -ne 0 ] && echo "Could not find device associated with $publicIp" && return 1
-  local tableNo=$(echo $dev | awk -F'eth' '{print $2}')
-
-  # shortcircuit the process if error and it is an append operation
-  # continue if it is delete
-  (sudo iptables -t mangle $op PREROUTING -i $dev -d $publicIp \
-           -j MARK -m state --state NEW --set-mark $tableNo &>>  $OUTFILE || [ "$op" == "-D" ]) &&
-  (sudo iptables -t mangle $op PREROUTING -i $dev -d $publicIp \
-           -m state --state NEW -j CONNMARK --save-mark &>>  $OUTFILE || [ "$op" == "-D" ]) &&
-  (sudo iptables -t mangle $op  PREROUTING -s $instIp -i eth0  \
-           -j MARK -m state --state NEW --set-mark $tableNo &>>  $OUTFILE || [ "$op" == "-D" ]) &&
-  (sudo iptables -t mangle $op PREROUTING -s $instIp -i eth0  \
-           -m state --state NEW -j CONNMARK --save-mark &>>  $OUTFILE || [ "$op" == "-D" ]) &&
-  (sudo iptables -t nat $op  PREROUTING -i $dev -d $publicIp -j DNAT \
-           --to-destination $instIp &>>  $OUTFILE || [ "$op" == "-D" ]) &&
-  (sudo iptables $op FORWARD -i $dev -o eth0 -d $instIp  -m state \
-           --state NEW -j ACCEPT &>>  $OUTFILE || [ "$op" == "-D" ]) &&
-  (sudo iptables -t nat $op2 POSTROUTING $rulenum -s $instIp -j SNAT \
-           -o $dev --to-source $publicIp &>> $OUTFILE || [ "$op" == "-D" ]) &&
-  (doHairpinNat $publicIp $proto "all" $instIp "0:65535" $op)
-
-  result=$?
-  logger -t cloud "$(basename $0): done static nat entry public ip=$publicIp op=$op result=$result"
-  return $result
-}
-
-
-
-rflag=
-Pflag=
-pflag=
-tflag=
-lflag=
-dflag=
-sflag=
-Gflag=
-op=""
-
-while getopts 'ADr:P:p:t:l:d:s:G' OPTION
-do
-  case $OPTION in
-  A)    op="-A"
-        ;;
-  D)    op="-D"
-        ;;
-  r)    rflag=1
-        instanceIp="$OPTARG"
-        ;;
-  P)    Pflag=1
-        protocol="$OPTARG"
-        ;;
-  p)    pflag=1
-        ports="$OPTARG"
-        ;;
-  t)    tflag=1
-        icmptype="$OPTARG"
-        ;;
-  l)    lflag=1
-        publicIp="$OPTARG"
-        ;;
-  s)    sflag=1
-        cidrs="$OPTARG"
-        ;;
-  d)    dflag=1
-        dport="$OPTARG"
-        ;;
-  G)    Gflag=1
-        ;;
-  ?)    usage
-        unlock_exit 2 $lock $locked
-        ;;
-  esac
-done
-
-DEV_LIST=$(get_dev_list)
-OUTFILE=$(mktemp)
-
-#Firewall ports for one-to-one/static NAT
-if [ "$Gflag" == "1" ]
-then
-  if [ "$protocol" == "" ] 
-  then
-    static_nat $publicIp $instanceIp  $op
-  else
-    one_to_one_fw_entry $publicIp $instanceIp  $protocol $dport $op
-  fi
-  result=$?
-  if [ "$result" -ne 0 ] && [ "$op" != "-D" ]; then
-      cat $OUTFILE >&2
-  fi
-  rm -f $OUTFILE
-  if [ "$op" == "-D" ];then
-     result=0
-  fi
-  unlock_exit $result $lock $locked
-fi
-
-if [ "$sflag" != "1" ]
-then
-    cidrs="0/0"
-fi
-
-case $protocol  in
-  tcp|udp)    
-        tcp_or_udp_entry $instanceIp $dport $publicIp $ports $op $protocol $cidrs
-        result=$?
-        if [ "$result" -ne 0 ] && [ "$op" != "-D" ];then
-           cat $OUTFILE >&2
-        fi
-        rm -f $OUTFILE
-        if [ "$op" == "-D" ];then
-           result=0
-        fi
-        unlock_exit $result $lock $locked
-        ;;
-  "icmp")  
-  
-        icmp_entry $instanceIp $icmptype $publicIp $op 
-        if [ "$op" == "-D" ];then
-           result=0
-        fi
-        unlock_exit $? $lock $locked
-        ;;
-      *)
-        printf "Invalid protocol-- must be tcp, udp or icmp\n" >&2
-        unlock_exit 5 $lock $locked
-        ;;
-esac
-
-unlock_exit 0 $lock $locked

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6477bd8f/systemvm/patches/debian/config/opt/cloud/bin/getRouterAlerts.sh
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/getRouterAlerts.sh b/systemvm/patches/debian/config/opt/cloud/bin/getRouterAlerts.sh
deleted file mode 100644
index 3f5f4a3..0000000
--- a/systemvm/patches/debian/config/opt/cloud/bin/getRouterAlerts.sh
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/usr/bin/env bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-# getRouterAlerts.sh  --- Send the alerts from routerServiceMonitor.log to Management Server
-
-#set -x
-
-filename=/var/log/routerServiceMonitor.log #Monitor service log file
-if [ -n "$1" -a -n "$2" ]
-then
-        reqDateVal=$(date -d "$1 $2" "+%s");
-else
-        reqDateVal=0
-fi
-if [ -f $filename ]
-then
-        while read line
-        do
-            if [ -n "$line" ]
-            then
-                dateval=`echo $line |awk '{print $1, $2}'`
-                IFS=',' read -a array <<< "$dateval"
-                dateval=${array[0]}
-
-                toDateVal=$(date -d "$dateval" "+%s")
-
-                if [ "$toDateVal" -gt "$reqDateVal" ]
-                then
-                    alerts="$line\n$alerts"
-                else
-                    break
-                fi
-            fi
-        done < <(tac $filename)
-fi
-if [ -n "$alerts" ]; then
-       echo $alerts
-else
-       echo "No Alerts"
-fi
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6477bd8f/systemvm/patches/debian/config/opt/cloud/bin/vpc_acl.sh
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/vpc_acl.sh b/systemvm/patches/debian/config/opt/cloud/bin/vpc_acl.sh
deleted file mode 100755
index 0a791c6..0000000
--- a/systemvm/patches/debian/config/opt/cloud/bin/vpc_acl.sh
+++ /dev/null
@@ -1,250 +0,0 @@
-#!/usr/bin/env bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-# firewall_rule.sh -- allow some ports / protocols to vm instances
-# @VERSION@
-
-source /root/func.sh
-
-lock="biglock"
-locked=$(getLockFile $lock)
-if [ "$locked" != "1" ]
-then
-    exit 1
-fi
-
-usage() {
-  printf "Usage: %s:  -a <public ip address:protocol:startport:endport:sourcecidrs>  \n" $(basename $0) >&2
-  printf "sourcecidrs format:  cidr1-cidr2-cidr3-...\n"
-}
-#set -x
-#FIXME: eating up the error code during execution of iptables
-
-acl_switch_to_new() {
-  sudo iptables -D FORWARD -o $dev -d $gcidr -j _ACL_INBOUND_$dev  2>/dev/null
-  sudo iptables-save  | grep "\-j _ACL_INBOUND_$dev" | grep "\-A" | while read rule;
-  do
-    rule1=$(echo $rule | sed 's/\_ACL_INBOUND/ACL_INBOUND/')
-    sudo iptables $rule1
-    rule2=$(echo $rule | sed 's/\-A/\-D/')
-    sudo iptables $rule2
-  done
-  sudo iptables -F _ACL_INBOUND_$dev 2>/dev/null
-  sudo iptables -X _ACL_INBOUND_$dev 2>/dev/null
-  sudo iptables -t mangle -F _ACL_OUTBOUND_$dev 2>/dev/null
-  sudo iptables -t mangle -D PREROUTING -m state --state NEW -i $dev -s $gcidr ! -d $ip -j _ACL_OUTBOUND_$dev  2>/dev/null
-  sudo iptables -t mangle -X _ACL_OUTBOUND_$dev 2>/dev/null
-}
-
-acl_remove_backup() {
-  sudo iptables -F _ACL_INBOUND_$dev 2>/dev/null
-  sudo iptables -D FORWARD -o $dev -d $gcidr -j _ACL_INBOUND_$dev  2>/dev/null
-  sudo iptables -X _ACL_INBOUND_$dev 2>/dev/null
-  sudo iptables -t mangle -F _ACL_OUTBOUND_$dev 2>/dev/null
-  sudo iptables -t mangle -D PREROUTING -m state --state NEW -i $dev -s $gcidr ! -d $ip -j _ACL_OUTBOUND_$dev  2>/dev/null
-  sudo iptables -t mangle -X _ACL_OUTBOUND_$dev 2>/dev/null
-}
-
-acl_remove() {
-  sudo iptables -F ACL_INBOUND_$dev 2>/dev/null
-  sudo iptables -D FORWARD -o $dev -d $gcidr -j ACL_INBOUND_$dev  2>/dev/null
-  sudo iptables -X ACL_INBOUND_$dev 2>/dev/null
-  sudo iptables -t mangle -F ACL_OUTBOUND_$dev 2>/dev/null
-  sudo iptables -t mangle -D PREROUTING -m state --state NEW -i $dev -s $gcidr ! -d $ip -j ACL_OUTBOUND_$dev  2>/dev/null
-  sudo iptables -t mangle -X ACL_OUTBOUND_$dev 2>/dev/null
-}
-
-acl_restore() {
-  acl_remove
-  sudo iptables -E _ACL_INBOUND_$dev ACL_INBOUND_$dev 2>/dev/null
-  sudo iptables -t mangle -E _ACL_OUTBOUND_$dev ACL_OUTBOUND_$dev 2>/dev/null
-}
-
-acl_save() {
-  acl_remove_backup
-  sudo iptables -E ACL_INBOUND_$dev _ACL_INBOUND_$dev 2>/dev/null
-  sudo iptables -t mangle -E ACL_OUTBOUND_$dev _ACL_OUTBOUND_$dev 2>/dev/null
-}
-
-acl_chain_for_guest_network () {
-  acl_save
-  # inbound
-  sudo iptables -N ACL_INBOUND_$dev 2>/dev/null
-  # drop if no rules match (this will be the last rule in the chain)
-  sudo iptables -A ACL_INBOUND_$dev -j DROP 2>/dev/null
-  sudo iptables -A FORWARD -o $dev -d $gcidr -j ACL_INBOUND_$dev  2>/dev/null
-  # outbound
-  sudo iptables -t mangle -N ACL_OUTBOUND_$dev 2>/dev/null
-  sudo iptables -t mangle -A PREROUTING -m state --state NEW -i $dev -s $gcidr ! -d $ip -j ACL_OUTBOUND_$dev  2>/dev/null
-}
-
-
-
-acl_entry_for_guest_network() {
-  local rule=$1
-
-  local ttype=$(echo $rule | cut -d: -f1)
-  local prot=$(echo $rule | cut -d: -f2)
-  local sport=$(echo $rule | cut -d: -f3)
-  local eport=$(echo $rule | cut -d: -f4)
-  local cidrs=$(echo $rule | cut -d: -f5 | sed 's/-/ /g')
-  local action=$(echo $rule | cut -d: -f6)
-  if [ "$sport" == "0" -a "$eport" == "0" ]
-  then
-      DPORT=""
-  else
-      DPORT="--dport $sport:$eport"
-  fi
-  logger -t cloud "$(basename $0): enter apply acl rules for guest network: $gcidr, inbound:$inbound:$prot:$sport:$eport:$cidrs"  
-  
-  # note that rules are inserted after the RELATED,ESTABLISHED rule 
-  # but before the DROP rule
-  for lcidr in $cidrs
-  do
-    [ "$prot" == "reverted" ] && continue;
-    if [ "$prot" == "icmp" ]
-    then
-      typecode="$sport/$eport"
-      [ "$eport" == "-1" ] && typecode="$sport"
-      [ "$sport" == "-1" ] && typecode="any"
-      if [ "$ttype" == "Ingress" ]
-      then
-        sudo iptables -I ACL_INBOUND_$dev -p $prot -s $lcidr  \
-                    --icmp-type $typecode  -j $action
-      else
-        let egress++
-        sudo iptables -t mangle -I ACL_OUTBOUND_$dev -p $prot -d $lcidr  \
-                    --icmp-type $typecode  -j $action
-      fi
-    else
-      if [ "$ttype" == "Ingress" ]
-      then
-        sudo iptables -I ACL_INBOUND_$dev -p $prot -s $lcidr \
-                    $DPORT -j $action
-      else
-        let egress++
-        sudo iptables -t mangle -I ACL_OUTBOUND_$dev -p $prot -d $lcidr \
-                    $DPORT -j $action
-      fi
-    fi
-    result=$?
-    [ $result -gt 0 ] && 
-       logger -t cloud "Error adding iptables entry for guest network : $gcidr,inbound:$inbound:$prot:$sport:$eport:$cidrs" &&
-       break
-  done
-      
-  logger -t cloud "$(basename $0): exit apply acl rules for guest network : $gcidr"  
-  return $result
-}
-
-
-dflag=0
-gflag=0
-aflag=0
-Mflag=0
-rules=""
-rules_list=""
-ip=""
-dev=""
-mac=""
-while getopts 'd:i:m:M:a:' OPTION
-do
-  case $OPTION in
-  d)    dflag=1
-                dev="$OPTARG"
-                ;;
-  i)    iflag=1
-                ip="$OPTARG"
-                ;;
-  m)    mflag=1
-                mask="$OPTARG"
-                ;;
-  M)    Mflag=1
-                mac="$OPTARG"
-                ;;
-  a)	aflag=1
-		rules="$OPTARG"
-		;;
-  ?)	usage
-                unlock_exit 2 $lock $locked
-		;;
-  esac
-done
-
-if [ "$dflag$iflag$mflag$aflag" != "1111" ]
-then
-  usage
-  unlock_exit 2 $lock $locked
-fi
-
-# override dev with mac address match, if provided
-if [[ ! -z "$mac" ]]; then
-  logger -t cloud "$(basename $0): mac $mac passed, trying to match to device"
-  for i in `ls /sys/class/net`; do
-    if grep -q $mac /sys/class/net/$i/address; then
-      dev=$i
-      logger -t cloud "$(basename $0): matched dev $i to mac $mac, dev is now $dev"
-      break
-    fi
-  done
-fi
-
-gcidr="$ip/$mask"
-if [ -n "$rules" ]
-then
-  rules_list=$(echo $rules | cut -d, -f1- --output-delimiter=" ")
-fi
-
-# rule format
-# protocal:sport:eport:cidr
-#-a tcp:80:80:0.0.0.0/0::tcp:220:220:0.0.0.0/0:,172.16.92.44:tcp:222:222:192.168.10.0/24-75.57.23.0/22-88.100.33.1/32
-#    if any entry is reverted , entry will be in the format <ip>:reverted:0:0:0
-# example : 172.16.92.44:tcp:80:80:0.0.0.0/0:ACCEPT:,172.16.92.44:tcp:220:220:0.0.0.0/0:DROP,200.1.1.2:reverted:0:0:0
-
-success=0
-
-acl_chain_for_guest_network
-egress=0
-for r in $rules_list
-do
-  acl_entry_for_guest_network $r
-  success=$?
-  if [ $success -gt 0 ]
-  then
-    logger -t cloud "$(basename $0): failure to apply fw rules for guest network: $gcidr"
-    break
-  else
-    logger -t cloud "$(basename $0): successful in applying fw rules for guest network: $gcidr"
-  fi
-done
-
-if [ $success -gt 0 ]
-then
-  logger -t cloud "$(basename $0): restoring from backup for guest network: $gcidr"
-  acl_restore
-else
-  logger -t cloud "$(basename $0): deleting backup for guest network: $gcidr"
-  if [ $egress -eq 0 ]
-  then
-    sudo iptables -t mangle -A ACL_OUTBOUND_$dev -j ACCEPT 2>/dev/null
-  else
-    sudo iptables -t mangle -A ACL_OUTBOUND_$dev -j DROP 2>/dev/null
-  fi   
-  acl_switch_to_new
-fi
-unlock_exit $success $lock $locked
-

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6477bd8f/systemvm/patches/debian/config/opt/cloud/bin/vpc_guestnw.sh
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/vpc_guestnw.sh b/systemvm/patches/debian/config/opt/cloud/bin/vpc_guestnw.sh
deleted file mode 100755
index a788134..0000000
--- a/systemvm/patches/debian/config/opt/cloud/bin/vpc_guestnw.sh
+++ /dev/null
@@ -1,316 +0,0 @@
-#!/usr/bin/env bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-# guestnw.sh -- create/destroy guest network 
-# @VERSION@
-
-source /root/func.sh
-source /opt/cloud/bin/vpc_func.sh
-
-lock="biglock"
-locked=$(getLockFile $lock)
-if [ "$locked" != "1" ]
-then
-    exit 1
-fi
-
-usage() {
-  printf "Usage:\n %s -A  -M <mac> -d <dev> -i <ip address> -g <gateway> -m <network mask> -s <dns ip> -e < domain> [-f] \n" $(basename $0) >&2
-  printf " %s -D -d <dev> -i <ip address> \n" $(basename $0) >&2
-}
-
-
-destroy_acl_chain() {
-  sudo iptables -t mangle -F ACL_OUTBOUND_$dev 2>/dev/null
-  sudo iptables -t mangle -D PREROUTING -m state --state NEW -i $dev -s $subnet/$mask ! -d $ip -j ACL_OUTBOUND_$dev  2>/dev/null
-  sudo iptables -t mangle -X ACL_OUTBOUND_$dev 2>/dev/null
-  sudo iptables -F ACL_INBOUND_$dev 2>/dev/null
-  sudo iptables -D FORWARD -o $dev -d $subnet/$mask -j ACL_INBOUND_$dev  2>/dev/null
-  sudo iptables -X ACL_INBOUND_$dev 2>/dev/null
-
-}
-
-create_acl_chain() {
-  destroy_acl_chain
-  sudo iptables -t mangle -N ACL_OUTBOUND_$dev 2>/dev/null
-  sudo iptables -t mangle -A ACL_OUTBOUND_$dev -j ACCEPT 2>/dev/null
-  sudo iptables -t mangle -A PREROUTING -m state --state NEW -i $dev -s $subnet/$mask ! -d $ip -j ACL_OUTBOUND_$dev  2>/dev/null
-  sudo iptables -N ACL_INBOUND_$dev 2>/dev/null
-  # drop if no rules match (this will be the last rule in the chain)
-  sudo iptables -A ACL_INBOUND_$dev -j DROP 2>/dev/null
-  sudo iptables -A FORWARD -o $dev -d $subnet/$mask -j ACL_INBOUND_$dev  2>/dev/null
-}
-
-
-setup_apache2() {
-  logger -t cloud "Setting up apache web server for $dev"
-  cp /etc/apache2/vhostexample.conf /etc/apache2/conf.d/vhost$dev.conf
-  sed -i -e "s/<VirtualHost.*:80>/<VirtualHost $ip:80>/" /etc/apache2/conf.d/vhost$dev.conf
-  sed -i -e "s/<VirtualHost.*:443>/<VirtualHost $ip:443>/" /etc/apache2/conf.d/vhost$dev.conf
-  sed -i -e "s/\tServerName.*/\tServerName vhost$dev.cloudinternal.com/" /etc/apache2/conf.d/vhost$dev.conf
-  sed -i -e "s/Listen .*:80/Listen $ip:80/g" /etc/apache2/conf.d/vhost$dev.conf
-  sed -i -e "s/Listen .*:443/Listen $ip:443/g" /etc/apache2/conf.d/vhost$dev.conf
-  service apache2 restart
-  sudo iptables -D INPUT -i $dev -d $ip -p tcp -m state --state NEW --dport 80 -j ACCEPT
-  sudo iptables -A INPUT -i $dev -d $ip -p tcp -m state --state NEW --dport 80 -j ACCEPT
-}
-
-desetup_apache2() {
-  logger -t cloud "Desetting up apache web server for $dev"
-  rm -f /etc/apache2/conf.d/vhost$dev.conf
-  service apache2 restart
-  sudo iptables -D INPUT -i $dev -d $ip -p tcp -m state --state NEW --dport 80 -j ACCEPT
-}
-
-
-setup_dnsmasq() {
-  logger -t cloud "Setting up dnsmasq for network $ip/$mask "
-  # setup rules to allow dhcp/dns request
-  sudo iptables -D INPUT -i $dev -p udp -m udp --dport 67 -j ACCEPT
-  sudo iptables -D INPUT -i $dev -d $ip -p udp -m udp --dport 53 -j ACCEPT
-  sudo iptables -D INPUT -i $dev -d $ip -p tcp -m tcp --dport 53 -j ACCEPT
-  sudo iptables -A INPUT -i $dev -p udp -m udp --dport 67 -j ACCEPT
-  sudo iptables -A INPUT -i $dev -d $ip -p udp -m udp --dport 53 -j ACCEPT
-  sudo iptables -A INPUT -i $dev -d $ip -p tcp -m tcp --dport 53 -j ACCEPT
-  # setup static 
-  sed -i -e "/^[#]*dhcp-range=interface:$dev/d" /etc/dnsmasq.d/cloud.conf
-  echo "dhcp-range=interface:$dev,set:interface-$dev,$ip,static" >> /etc/dnsmasq.d/cloud.conf
-  # setup DOMAIN
-  [ -z $DOMAIN ] && DOMAIN="cloudnine.internal"
-
-  sed -i -e "/^[#]*dhcp-option=tag:interface-$dev,15.*$/d" /etc/dnsmasq.d/cloud.conf
-  echo "dhcp-option=tag:interface-$dev,15,$DOMAIN" >> /etc/dnsmasq.d/cloud.conf
-  service dnsmasq restart
-  sleep 1
-} 
-
-desetup_dnsmasq() {
-  logger -t cloud "Desetting up dnsmasq for network $ip/$mask "
-  # remove rules to allow dhcp/dns request
-  sudo iptables -D INPUT -i $dev -p udp -m udp --dport 67 -j ACCEPT
-  sudo iptables -D INPUT -i $dev -d $ip -p udp -m udp --dport 53 -j ACCEPT
-  sed -i -e "/^[#]*dhcp-option=tag:interface-$dev,option:router.*$/d" /etc/dnsmasq.d/cloud.conf
-  sed -i -e "/^[#]*dhcp-option=tag:interface-$dev,6.*$/d" /etc/dnsmasq.d/cloud.conf
-  sed -i -e "/^[#]*dhcp-range=interface:$dev/d" /etc/dnsmasq.d/cloud.conf
-  service dnsmasq restart
-  sleep 1
-}
-
-setup_passwdsvcs() {
-  logger -t cloud "Setting up password service for network $ip/$mask, eth $dev "
-  sudo iptables -D INPUT -i $dev -d $ip -p tcp -m state --state NEW --dport 8080 -j ACCEPT
-  sudo iptables -A INPUT -i $dev -d $ip -p tcp -m state --state NEW --dport 8080 -j ACCEPT
-  nohup bash /opt/cloud/bin/vpc_passwd_server $ip >/dev/null 2>&1 &
-}
-
-desetup_passwdsvcs() {
-  logger -t cloud "Desetting up password service for network $ip/$mask, eth $dev "
-  sudo iptables -D INPUT -i $dev -d $ip -p tcp -m state --state NEW --dport 8080 -j ACCEPT
-  pid=`ps -ef | grep passwd_server_ip.py | grep $ip | grep -v grep | awk '{print $2}'`
-  if [ -n "$pid" ]
-  then
-    kill -9 $pid
-  fi 
-}
-
-create_guest_network() {
-  # need to wait for eth device to appear before configuring it
-  timer=0
-
-  # match dev based on mac, if passed
-  if [[ ! -z "$mac" ]]; then
-    logger -t cloud "$(basename $0): mac $mac passed, trying to match to device"
-    while [ ! $timer -gt 15 ]; do 
-      for i in `ls /sys/class/net`; do
-        if grep -q $mac /sys/class/net/$i/address; then
-          dev=$i
-          logger -t cloud "$(basename $0): matched dev $i to mac $mac, dev is now $dev"
-          timer=15
-          break
-        fi
-      done
-      sleep 1;
-      timer=$[timer + 1]
-    done
-  else
-    while ! `grep -q $dev /proc/net/dev` ; do
-      logger -t cloud "$(basename $0):Waiting for interface $dev to appear, $timer seconds"
-      sleep 1;
-      if [ $timer -gt 15 ]; then
-        logger -t cloud "$(basename $0):interface $dev never appeared"
-        break
-      fi
-      timer=$[timer + 1]
-    done
-  fi
-
-  logger -t cloud " $(basename $0): Create network on interface $dev,  gateway $gw, network $ip/$mask "
-  # setup ip configuration
-  sudo ip addr add dev $dev $ip/$mask brd +
-  sudo ip link set $dev up
-  sudo arping -c 3 -I $dev -A -U -s $ip $ip
-  echo 1 > /proc/sys/net/ipv4/conf/$dev/rp_filter
-  # restore mark from  connection mark
-  local tableName="Table_$dev"
-  sudo ip route add $subnet/$mask dev $dev table $tableName proto static
-  sudo iptables -t mangle -D PREROUTING -i $dev -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
-  sudo iptables -t nat -D POSTROUTING -s $subnet/$mask -o $dev -j SNAT --to-source $ip
-  sudo iptables -t mangle -A PREROUTING -i $dev -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
-  # set up hairpin
-  sudo iptables -t nat -A POSTROUTING -s $subnet/$mask -o $dev -j SNAT --to-source $ip
-  create_acl_chain
-  setup_dnsmasq
-  setup_apache2
-  setup_passwdsvcs
-
-  #enable rps, rfs
-  enable_rpsrfs $dev
-}
-
-enable_rpsrfs() {
-
-    if [  -f /etc/rpsrfsenable ]
-    then
-        enable=$(cat /etc/rpsrfsenable)
-        if [ $enable -eq 0 ]
-        then
-            return 0
-        fi
-    else
-        return 0
-    fi
-
-    proc=$(cat /proc/cpuinfo | grep "processor" | wc -l)
-    if [ $proc -le 1 ]
-    then
-        return 0
-    fi
-    dev=$1
-
-    num=1
-    num=$(($num<<$proc))
-    num=$(($num-1));
-    echo $num;
-    hex=$(printf "%x\n" $num)
-    echo $hex;
-    #enable rps
-    echo $hex > /sys/class/net/$dev/queues/rx-0/rps_cpus
-
-    #enble rfs
-    rps_flow_entries=$(cat /proc/sys/net/core/rps_sock_flow_entries)
-
-    if [ $rps_flow_entries -eq 0 ]
-    then
-        echo 256 > /proc/sys/net/core/rps_sock_flow_entries
-    fi
-
-    echo 256 > /sys/class/net/$dev/queues/rx-0/rps_flow_cnt
-
-}
-
-destroy_guest_network() {
-  logger -t cloud " $(basename $0): Create network on interface $dev,  gateway $gw, network $ip/$mask "
-
-  sudo ip addr del dev $dev $ip/$mask
-  sudo iptables -t mangle -D PREROUTING -i $dev -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
-  sudo iptables -t nat -D POSTROUTING -s $subnet/$mask -o $dev -j SNAT --to-source $ip
-  destroy_acl_chain
-  desetup_dnsmasq
-  desetup_apache2
-  desetup_passwdsvcs
-}
-
-#set -x
-iflag=0
-mflag=0
-nflag=0
-dflag=
-gflag=
-Cflag=
-Dflag=
-Mflag=
-
-op=""
-
-
-while getopts 'CDn:m:M:d:i:g:s:e:' OPTION
-do
-  case $OPTION in
-  C)	Cflag=1
-		op="-C"
-		;;
-  D)	Dflag=1
-		op="-D"
-		;;
-  n)	nflag=1
-		subnet="$OPTARG"
-		;;
-  m)	mflag=1
-		mask="$OPTARG"
-		;;
-  M)    Mflag=1
-                mac="$OPTARG"
-                ;;
-  d)	dflag=1
-  		dev="$OPTARG"
-  		;;
-  i)	iflag=1
-		ip="$OPTARG"
-  		;;
-  g)	gflag=1
-  		gw="$OPTARG"
-                ;;
-  s)    sflag=1
-                DNS="$OPTARG"
-                ;;
-  e)    eflag=1
-		DOMAIN="$OPTARG"
-  		;;
-  ?)	usage
-                unlock_exit 2 $lock $locked
-		;;
-  esac
-done
-
-vpccidr=$(getVPCcidr)
-
-if [ "$Cflag$Dflag$dflag" != "11" ]
-then
-    usage
-    unlock_exit 2 $lock $locked
-fi
-
-if [ "$Cflag" == "1" ] && [ "$iflag$gflag$mflag" != "111" ]
-then
-    usage
-    unlock_exit 2 $lock $locked
-fi
-
-
-if [ "$Cflag" == "1" ]
-then  
-  create_guest_network 
-fi
-
-
-if [ "$Dflag" == "1" ]
-then
-  destroy_guest_network
-fi
-
-unlock_exit 0 $lock $locked

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6477bd8f/systemvm/patches/debian/config/opt/cloud/bin/vpc_ipassoc.sh
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/vpc_ipassoc.sh b/systemvm/patches/debian/config/opt/cloud/bin/vpc_ipassoc.sh
deleted file mode 100755
index 8c5e0e4..0000000
--- a/systemvm/patches/debian/config/opt/cloud/bin/vpc_ipassoc.sh
+++ /dev/null
@@ -1,223 +0,0 @@
-#!/usr/bin/env bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
- 
-
-# ipassoc.sh -- associate/disassociate a public ip with an instance
-# @VERSION@
-
-source /root/func.sh
-
-lock="biglock"
-locked=$(getLockFile $lock)
-if [ "$locked" != "1" ]
-then
-  exit 1
-fi
-
-usage() {
-  printf "Usage:\n %s -A -l <public-ip-address> -c <dev> [-f] \n" $(basename $0) >&2
-  printf " %s -D -l <public-ip-address> -c <dev> [-f] \n" $(basename $0) >&2
-}
-
-add_routing() {
-  logger -t cloud "$(basename $0):Add routing $pubIp on interface $ethDev"
-
-  local tableName="Table_$ethDev"
-  sudo ip route add $subnet/$mask dev $ethDev table $tableName proto static
-  sudo ip route add default via $defaultGwIP table $tableName proto static
-  sudo ip route flush cache
-  sudo ip route | grep default
-  if [ $? -gt 0 ]
-  then
-    sudo ip route add default via $defaultGwIP
-  fi
-  return 0
-}
-
-
-remove_routing() {
-  return 0
-}
-
-add_an_ip () {
-  # need to wait for eth device to appear before configuring it
-  timer=0
-  while ! `grep -q $ethDev /proc/net/dev` ; do
-    logger -t cloud "$(basename $0):Waiting for interface $ethDev to appear, $timer seconds"
-    sleep 1;
-    if [ $timer -gt 15 ]; then
-      logger -t cloud "$(basename $0):interface $ethDev never appeared"
-      break
-    fi
-    timer=$[timer + 1]
-  done
-
-  logger -t cloud "$(basename $0):Adding ip $pubIp on interface $ethDev"
-  sudo ip link show $ethDev | grep "state DOWN" > /dev/null
-  local old_state=$?
-
-  sudo ip addr add dev $ethDev $pubIp/$mask brd +
-  if [ $old_state -eq 0 ]
-  then
-    sudo ip link set $ethDev up
-  fi
-  sudo arping -c 1 -I $ethDev -A -U -s $pubIp $pubIp
-  sudo arping -c 1 -I $ethDev -A -U -s $pubIp $pubIp
-  local tableNo=${ethDev:3} 
-  sudo iptables-save -t mangle | grep  "PREROUTING -i $ethDev -m state --state NEW -j CONNMARK --set-xmark" 2>/dev/null
-  if [ $? -gt 0 ]
-  then
-    sudo iptables -t mangle -A PREROUTING -i $ethDev -m state --state NEW -j CONNMARK --set-mark $tableNo 2>/dev/null
-  fi
-
-  enable_rpsrfs $ethDev
-  add_routing 
-  return $?
-}
-
-enable_rpsrfs() {
-
-    if [  -f /etc/rpsrfsenable ]
-    then
-        enable=$(cat /etc/rpsrfsenable)
-        if [ $enable -eq 0 ]
-        then
-            return 0
-        fi
-    else
-        return 0
-    fi
-
-    proc=$(cat /proc/cpuinfo | grep "processor" | wc -l)
-    if [ $proc -le 1 ]
-    then
-        return 0
-    fi
-    dev=$1
-
-    num=1
-    num=$(($num<<$proc))
-    num=$(($num-1));
-    echo $num;
-    hex=$(printf "%x\n" $num)
-    echo $hex;
-    #enable rps
-    echo $hex > /sys/class/net/$dev/queues/rx-0/rps_cpus
-
-    #enble rfs
-    rps_flow_entries=$(cat /proc/sys/net/core/rps_sock_flow_entries)
-
-    if [ $rps_flow_entries -eq 0 ]
-    then
-        echo 256 > /proc/sys/net/core/rps_sock_flow_entries
-    fi
-
-    if [ $(cat /sys/class/net/$dev/queues/rx-0/rps_flow_cnt) -eq 0 ]
-    then
-        echo 256 > /sys/class/net/$dev/queues/rx-0/rps_flow_cnt
-    fi
-}
-
-remove_an_ip () {
-  logger -t cloud "$(basename $0):Removing ip $pubIp on interface $ethDev"
-  local existingIpMask=$(sudo ip addr show dev $ethDev | grep -v "inet6" | grep "inet " | awk '{print $2}')
-
-  sudo ip addr del dev $ethDev $pubIp/$mask
-  # reapply IPs in this interface
-  for ipMask in $existingIpMask
-  do
-    if [ "$ipMask" == "$pubIp/$mask" ]
-    then
-      continue
-    fi
-    sudo ip addr add dev $ethDev $ipMask brd +
-  done
-
-  remove_routing
-  return 0
-}
-
-#set -x
-lflag=0
-cflag=0
-gflag=0
-mflag=0
-nflag=0
-op=""
-
-
-while getopts 'ADl:c:g:m:n:' OPTION
-do
-  case $OPTION in
-  A)	Aflag=1
-		op="-A"
-		;;
-  D)	Dflag=1
-		op="-D"
-		;;
-  l)	lflag=1
-		pubIp="$OPTARG"
-		;;
-  c)	cflag=1
-  		ethDev="$OPTARG"
-  		;;
-  g)	gflag=1
-  		defaultGwIP="$OPTARG"
-  		;;
-  m)	mflag=1
-  		mask="$OPTARG"
-  		;;
-  n)	nflag=1
-  		subnet="$OPTARG"
-  		;;
-  ?)	usage
-                unlock_exit 2 $lock $locked
-		;;
-  esac
-done
-
-
-if [ "$Aflag$Dflag" != "1" ]
-then
-  usage
-  unlock_exit 2 $lock $locked
-fi
-
-if [ "$lflag$cflag$gflag$mflag$nflag" != "11111" ] 
-then
-  usage
-  unlock_exit 2 $lock $locked
-fi
-
-
-if [ "$Aflag" == "1" ]
-then
-  add_an_ip
-  unlock_exit $? $lock $locked
-fi
-
-
-if [ "$Dflag" == "1" ]
-then
-  remove_an_ip
-  unlock_exit $? $lock $locked
-fi
-
-
-unlock_exit 1 $lock $locked

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/6477bd8f/systemvm/patches/debian/config/opt/cloud/bin/vpc_loadbalancer.sh
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/vpc_loadbalancer.sh b/systemvm/patches/debian/config/opt/cloud/bin/vpc_loadbalancer.sh
deleted file mode 100755
index b9b377c..0000000
--- a/systemvm/patches/debian/config/opt/cloud/bin/vpc_loadbalancer.sh
+++ /dev/null
@@ -1,229 +0,0 @@
-#!/usr/bin/env bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-# @VERSION@
-
-do_ilb_if_ilb () {
-  local typ=""
-  local pattern="type=(.*)"
-
-  for keyval in $(cat /var/cache/cloud/cmdline)
-  do    
-     if [[ $keyval =~ $pattern ]]; then      
-        typ=${BASH_REMATCH[1]}; 
-     fi 
-  done
-  if [ "$typ" == "ilbvm" ]
-  then
-     logger -t cloud "$(basename $0): Detected that we are running in an internal load balancer vm"
-     $(dirname $0)/ilb.sh "$@"
-     exit $?
-  fi
-
-}
-
-logger -t cloud "$(basename $0): Entering $(dirname $0)/$(basename $0)"
-
-do_ilb_if_ilb "$@"
-
-source /root/func.sh
-source /opt/cloud/bin/vpc_func.sh
-
-lock="biglock"
-locked=$(getLockFile $lock)
-if [ "$locked" != "1" ]
-then
-    exit 1
-fi
-
-usage() {
-  printf "Usage: %s:  -i <domR eth1 ip>  -a <added public ip address ip:port> -d <removed ip:port> -f <load balancer config> -s <stats ip ip:port:cidr>  \n" $(basename $0) >&2
-}
-
-# set -x
-
-fw_remove_backup() {
-  sudo iptables -F back_load_balancer 2> /dev/null
-  sudo iptables -D INPUT -p tcp  -j back_load_balancer 2> /dev/null
-  sudo iptables -X back_load_balancer 2> /dev/null
-  sudo iptables -F back_lb_stats 2> /dev/null
-  sudo iptables -D INPUT -p tcp  -j back_lb_stats 2> /dev/null
-  sudo iptables -X back_lb_stats 2> /dev/null
-}
-
-fw_remove() {
-  sudo iptables -F load_balancer 2> /dev/null
-  sudo iptables -D INPUT -p tcp  -j load_balancer 2> /dev/null
-  sudo iptables -X load_balancer 2> /dev/null
-  sudo iptables -F lb_stats 2> /dev/null
-  sudo iptables -D INPUT -p tcp  -j lb_stats 2> /dev/null
-  sudo iptables -X lb_stats 2> /dev/null
-}
-
-fw_backup() {
-  fw_remove_backup
-  sudo iptables -E load_balancer back_load_balancer 2> /dev/null
-  sudo iptables -E lb_stats back_lb_stats 2> /dev/null
-}
-
-fw_restore() {
-  fw_remove
-  sudo iptables -E back_load_balancer load_balancer 2> /dev/null
-  sudo iptables -E back_lb_stats lb_stats 2> /dev/null
-}
-
-fw_chain_create () {
-  fw_backup
-  sudo iptables -N load_balancer 2> /dev/null
-  sudo iptables -A INPUT -p tcp  -j load_balancer 2> /dev/null
-  sudo iptables -N lb_stats 2> /dev/null
-  sudo iptables -A INPUT -p tcp  -j lb_stats 2> /dev/null
-}
-
-# firewall entry to ensure that haproxy can receive on specified port
-fw_entry() {
-  local added=$1
-  local removed=$2
-  local stats=$3
-  if [ "$added" == "none" ]
-  then
-  	added=""
-  fi
-  if [ "$removed" == "none" ]
-  then
-  	removed=""
-  fi
-  local a=$(echo $added | cut -d, -f1- --output-delimiter=" ")
-  local r=$(echo $removed | cut -d, -f1- --output-delimiter=" ")
-  fw_chain_create
-  success=0
-  while [ 1 ]
-  do
-    for i in $a
-    do
-      local pubIp=$(echo $i | cut -d: -f1)
-      local dport=$(echo $i | cut -d: -f2)    
-      sudo iptables -A load_balancer -p tcp -d $pubIp --dport $dport -j ACL_INBOUND_$dev 2>/dev/null
-      success=$?
-      if [ $success -gt 0 ]
-      then
-        break
-      fi
-    done
-    if [ "$stats" != "none" ]
-    then
-      local pubIp=$(echo $stats | cut -d: -f1)
-      local dport=$(echo $stats | cut -d: -f2)    
-      local cidrs=$(echo $stats | cut -d: -f3 | sed 's/-/,/')
-      sudo iptables -A lb_stats -s $cidrs -p tcp -d $pubIp --dport $dport -j ACCEPT 2>/dev/null
-      success=$?
-    fi
-    break
-  done
-  if [ $success -gt 0 ]
-  then
-    fw_restore
-  else
-    fw_remove_backup
-  fi  
-  return $success
-}
-
-#Hot reconfigure HA Proxy in the routing domain
-reconfig_lb() {
-  logger -t cloud "Reconfiguring loadbalancer using $1"
-  /root/reconfigLB.sh $1
-  return $?
-}
-
-# Restore the HA Proxy to its previous state, and revert iptables rules on DomR
-restore_lb() {
-  logger -t cloud "Restoring HA Proxy to previous state"
-  # Copy the old version of haproxy.cfg into the file that reconfigLB.sh uses
-  cp /etc/haproxy/haproxy.cfg.old /etc/haproxy/haproxy.cfg.new
-   
-  if [ $? -eq 0 ]
-  then
-    # Run reconfigLB.sh again
-    /root/reconfigLB.sh /etc/haproxy/haproxy.cfg.new
-  fi
-}
-
-iflag=
-aflag=
-dflag=
-fflag=
-sflag=
-
-while getopts 'i:a:d:f:s:' OPTION
-do
-  case $OPTION in
-  i)	iflag=1
-		ip="$OPTARG"
-		;;
-  a)	aflag=1
-		addedIps="$OPTARG"
-		;;
-  d)	dflag=1
-		removedIps="$OPTARG"
-		;;
-  s)	sflag=1
-		statsIp="$OPTARG"
-		;;
-  f)	fflag=1
-		cfgfile="$OPTARG"
-		;;
-  ?)	usage
-                unlock_exit 2 $lock $locked
-		;;
-  esac
-done
-
-
-dev=$(getEthByIp $ip)
-
-if [ "$addedIps" == "" ]
-then
-  addedIps="none"
-fi
-
-if [ "$removedIps" == "" ]
-then
-  removedIps="none"
-fi
-
-# hot reconfigure haproxy
-reconfig_lb $cfgfile
-
-if [ $? -gt 0 ]
-then
-  logger -t cloud "Reconfiguring loadbalancer failed"
-  unlock_exit 1 $lock $locked
-fi
-
-# iptables entry to ensure that haproxy receives traffic
-fw_entry $addedIps $removedIps $statsIp
-result=$?  	
-if [ $result -gt 0 ]
-then
-  logger -t cloud "Failed to apply firewall rules for load balancing, reverting HA Proxy config"
-  # Restore the LB
-  restore_lb
-fi
- 
-unlock_exit $result $lock $locked


Mime
View raw message