cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bhais...@apache.org
Subject [cloudstack] 04/04: major scripts refactoring, make cloud-early-config small
Date Thu, 23 Nov 2017 13:16:59 GMT
This is an automated email from the ASF dual-hosted git repository.

bhaisaab pushed a commit to branch debian9-systemvmtemplate
in repository https://gitbox.apache.org/repos/asf/cloudstack.git

commit 8e44acdf0efc6da076c5cdc6bf0cabd12ee54a5f
Author: Rohit Yadav <rohit.yadav@shapeblue.com>
AuthorDate: Thu Nov 23 18:45:49 2017 +0530

    major scripts refactoring, make cloud-early-config small
    
    Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
---
 .../debian/config/etc/init.d/cloud-early-config    | 1389 +-------------------
 .../debian/config/opt/cloud/bin/setup/common.sh    |  833 ++++++++++++
 .../config/opt/cloud/bin/setup/consoleproxy.sh     |   46 +
 .../debian/config/opt/cloud/bin/setup/default.sh   |   29 +
 .../debian/config/opt/cloud/bin/setup/dhcpsrvr.sh  |   60 +
 .../debian/config/opt/cloud/bin/setup/elbvm.sh     |   46 +
 .../debian/config/opt/cloud/bin/setup/ilbvm.sh     |   42 +
 .../opt/cloud/bin/{ => setup}/patchsystemvm.sh     |   22 +-
 .../debian/config/opt/cloud/bin/setup/router.sh    |  111 ++
 .../config/opt/cloud/bin/setup/secstorage.sh       |   74 ++
 .../debian/config/opt/cloud/bin/setup/vpcrouter.sh |  125 ++
 11 files changed, 1406 insertions(+), 1371 deletions(-)

diff --git a/systemvm/patches/debian/config/etc/init.d/cloud-early-config b/systemvm/patches/debian/config/etc/init.d/cloud-early-config
index e973e9e..c0b7921 100755
--- a/systemvm/patches/debian/config/etc/init.d/cloud-early-config
+++ b/systemvm/patches/debian/config/etc/init.d/cloud-early-config
@@ -24,69 +24,23 @@
 # specific language governing permissions and limitations
 # under the License.
 
-PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
 #set -x
 #exec 3>&0 4>&1 > /var/log/test.log 2>&1
-#start hv_kvp daemon
-[ -f /usr/sbin/hv_kvp_daemon ] && /usr/sbin/hv_kvp_daemon
-
-# Fix haproxy directory issue
-mkdir -p /var/lib/haproxy
+PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
 
 # Clear boot up flag, it would be created by rc.local after boot up done
 rm -f /var/cache/cloud/boot_up_done
 
-# Randomize cloud password so only ssh login is allowed
-echo "cloud:`openssl rand -base64 32`" | chpasswd
-
 [ -x /sbin/ifup ] || exit 0
 
 . /lib/lsb/init-functions
 
+
 log_it() {
   echo "$(date) $@" >> /var/log/cloud.log
   log_action_msg "$@"
 }
 
-init_interfaces_orderby_macs() {
-    macs=( $(echo $1 | sed "s/|/ /g") )
-    total_nics=${#macs[@]}
-    interface_file=${2:-"/etc/network/interfaces"}
-    rule_file=${3:-"/etc/udev/rules.d/70-persistent-net.rules"}
-    
-    echo -n "auto lo" > $interface_file
-    for((i=0; i<total_nics; i++))
-    do
-        if [[ $i < 3 ]] 
-        then
-           echo -n " eth$i" >> $interface_file
-        fi
-    done
-    cat >> $interface_file << EOF
-
-iface lo inet loopback
-
-EOF
-
-    echo "" > $rule_file
-    for((i=0; i < ${#macs[@]}; i++))
-    do
-        echo "SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", ATTR{address}==\"${macs[$i]}\", NAME=\"eth$i\"" >> $rule_file 
-    done
-}
-
-init_interfaces() {
-  if [ "$NIC_MACS" == "" ]
-  then
-    cat > /etc/network/interfaces << EOF
-auto lo $1 $2 $3
-iface lo inet loopback
-
-EOF
-  else
-    init_interfaces_orderby_macs "$NIC_MACS"
-  fi
-}
 
 hypervisor() {
   [ -d /proc/xen ] && mount -t xenfs none /proc/xen
@@ -101,15 +55,18 @@ hypervisor() {
   grep -q QEMU /var/log/messages && echo "kvm" && return 0
 
   echo "unknown" && return 1
+}
+
 
+config_guest() {
+  [ -f /usr/sbin/hv_kvp_daemon ] && /usr/sbin/hv_kvp_daemon
+  [ ! -d /proc/xen ] && sed -i 's/^vc/#vc/' /etc/inittab && telinit q
+  [  -d /proc/xen ] && sed -i 's/^#vc/vc/' /etc/inittab && telinit q
 }
 
-get_boot_params() {
-  local EXTRA_MOUNT=/media/extra
-  local hyp=$(hypervisor)
-  [ $? -ne 0 ] && log_it "Failed to detect hypervisor type, bailing out of early init" && exit 10
 
-  case $hyp in
+get_boot_params() {
+  case $HYPERVISOR in
      xen-domU|xen-hvm)
           cat /proc/cmdline > /var/cache/cloud/cmdline
           sed -i "s/%/ /g" /var/cache/cloud/cmdline
@@ -172,19 +129,17 @@ get_boot_params() {
           fi
           ;;
   esac
-
 }
 
+
 patch() {
   local PATCH_MOUNT=/media/cdrom
   local patchfile=$PATCH_MOUNT/cloud-scripts.tgz
-  local md5file=/var/cache/cloud/cloud-scripts-signature
   local privkey=$PATCH_MOUNT/authorized_keys
-  local shouldpatch=false
+  local md5file=/var/cache/cloud/cloud-scripts-signature
   local cdrom_dev=
   mkdir -p $PATCH_MOUNT
 
-
   if [ -e /dev/xvdd ]; then
        cdrom_dev=/dev/xvdd
   elif [ -e /dev/cdrom ]; then
@@ -196,6 +151,7 @@ patch() {
   elif [ -e /dev/cdrom3 ]; then
        cdrom_dev=/dev/cdrom3
   fi
+
   [ -f /var/cache/cloud/authorized_keys ] && privkey=/var/cache/cloud/authorized_keys
 
   if [ -n "$cdrom_dev" ]; then
@@ -205,1325 +161,55 @@ patch() {
     [ -f ${md5file} ] && oldmd5=$(cat ${md5file})
     local newmd5=
     [ -f ${patchfile} ] && newmd5=$(md5sum ${patchfile} | awk '{print $1}')
- 
-   if [ "$oldmd5" != "$newmd5" ] && [ -f ${patchfile} ] && [ "$newmd5" != "" ]
+
+    log_it "Scripts checksum detected: oldmd5=$oldmd5 newmd5=$newmd5"
+    if [ "$oldmd5" != "$newmd5" ] && [ -f ${patchfile} ] && [ "$newmd5" != "" ]
     then
-      shouldpatch=true
-      log_it "Patching  scripts oldmd5=$oldmd5 newmd5=$newmd5"
       tar xzf $patchfile -C /
       echo ${newmd5} > ${md5file}
-    fi
-    log_it "Patching  cloud service"
-    hyperVisor=$(hypervisor)
-    /opt/cloud/bin/patchsystemvm.sh $PATCH_MOUNT $hyperVisor
-    umount $PATCH_MOUNT
-    
-    if [ "$shouldpatch" == "true" ] 
-    then
-      log_it "Rebooting system since we patched init scripts"
+      log_it "Patched scripts using $patchfile"
       sync
-      sleep 2
-      reboot
-    fi
-  fi
-  if [ -f /mnt/cmdline ]; then
-    cat /mnt/cmdline > /var/cache/cloud/cmdline
-  fi
-  return 0
-}
-
-patch_log4j() {
-log_it "Updating log4j-cloud.xml"
-mkdir -p /usr/local/cloud/systemvm/conf
-cat << "EOF" > /usr/local/cloud/systemvm/conf/temp.xml
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
-
-<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="false">
-
-   <!-- ================================= -->
-   <!-- Preserve messages in a local file -->
-   <!-- ================================= -->
-
-   <appender name="FILE1" class="org.apache.log4j.RollingFileAppender">
-      <param name="File" value="/var/log/cloud.log"/>
-      <param name="MaxFileSize" value="10000KB"/>
-      <param name="MaxBackupIndex" value="4"/>
-
-     <layout class="org.apache.log4j.EnhancedPatternLayout">
-      <param name="ConversionPattern" value="%d{ISO8601}{GMT} %-5p [%c{3}] (%t:%x) %m%n"/>
-     </layout>
-    </appender>
-
-    <appender name="FILE2" class="org.apache.log4j.RollingFileAppender">
-       <param name="File" value="/var/log/cloud/cloud.out"/>
-       <param name="Append" value="true"/>
-       <param name="MaxFileSize" value="10000KB"/>
-       <param name="MaxBackupIndex" value="4"/>
-
-    <layout class="org.apache.log4j.EnhancedPatternLayout">
-     <param name="ConversionPattern" value="%d{ISO8601}{GMT} %-5p [%c{3}] (%t:%x) %m%n"/>
-    </layout>
-    </appender>
-
-     <appender name="FILE3" class="org.apache.log4j.rolling.RollingFileAppender">
-       <param name="File" value="/usr/local/cloud/systemvm/cloud.log"/>
-       <param name="Append" value="true"/>
-       <param name="MaxFileSize" value="10000KB"/>
-       <param name="MaxBackupIndex" value="4"/>
-
-     <layout class="org.apache.log4j.EnhancedPatternLayout">
-     <param name="ConversionPattern" value="%d{ISO8601}{GMT} %-5p [%c{3}] (%t:%x) %m%n"/>
-     </layout>
-    </appender>
-
-   <appender name="APISERVER" class="org.apache.log4j.rolling.RollingFileAppender">
-      <param name="Append" value="true"/>
-      <param name="Threshold" value="DEBUG"/>
-      <rollingPolicy class="org.apache.log4j.rolling.TimeBasedRollingPolicy">
-        <param name="FileNamePattern" value="/var/log/cloud/api-server.log.%d{yyyy-MM-dd}{GMT}.gz"/>
-        <param name="ActiveFileName" value="/var/log/cloud/api-server.log"/>
-      </rollingPolicy>
-
-      <layout class="org.apache.log4j.EnhancedPatternLayout">
-         <param name="ConversionPattern" value="%d{ISO8601}{GMT} %m%n"/>
-      </layout>
-   </appender>
-
-   <!-- ============================== -->
-   <!-- Append messages to the console -->
-   <!-- ============================== -->
-
-   <appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
-      <param name="Target" value="System.out"/>
-      <param name="Threshold" value="INFO"/>
-
-      <layout class="org.apache.log4j.EnhancedPatternLayout">
-         <param name="ConversionPattern" value="%d{ABSOLUTE}{GMT} %5p %c{1}:%L - %m%n"/>
-      </layout>
-   </appender>
-
-   <!-- ================ -->
-   <!-- Limit categories -->
-   <!-- ================ -->
-
-   <category name="com.cloud">
-     <priority value="DEBUG"/>
-   </category>
-
-   <!-- Limit the org.apache category to INFO as its DEBUG is verbose -->
-   <category name="org.apache">
-      <priority value="INFO"/>
-   </category>
-
-   <category name="org">
-      <priority value="INFO"/>
-   </category>
-
-   <category name="net">
-     <priority value="INFO"/>
-   </category>
-
-   <category name="apiserver.com.cloud">
-     <priority value="DEBUG"/>
-   </category>
-
-   <logger name="apiserver.com.cloud" additivity="false">
-      <level value="DEBUG"/>
-      <appender-ref ref="APISERVER"/>
-   </logger>
-
-   <!-- ======================= -->
-   <!-- Setup the Root category -->
-   <!-- ======================= -->
-
-   <root>
-      <level value="INFO"/>
-      <appender-ref ref="CONSOLE"/>
-      <appender-ref ref="FILE1"/>
-      <appender-ref ref="FILE2"/>
-      <appender-ref ref="FILE3"/>
-   </root>
-
-</log4j:configuration>
-EOF
-mv /usr/local/cloud/systemvm/conf/temp.xml /usr/local/cloud/systemvm/conf/log4j-cloud.xml
-}
-
-setup_interface() {
-  local intfnum=$1
-  local ip=$2
-  local mask=$3
-  local gw=$4
-  local force=$5
-  local intf=eth${intfnum} 
-  local bootproto="static"
-
-
-  if [ "$BOOTPROTO" == "dhcp" ]
-  then
-    if [ "$intfnum" != "0" ]
-    then
-       bootproto="dhcp"
-    fi
-  fi
-
-  if [ "$ip" != "0.0.0.0" -a "$ip" != "" -o "$force" == "force" ]
-  then
-     echo "iface  $intf inet $bootproto" >> /etc/network/interfaces
-     if [ "$bootproto" == "static" ]
-     then
-       echo "  address $ip " >> /etc/network/interfaces
-       echo "  netmask $mask" >> /etc/network/interfaces
-     fi
-  fi
-
-  if [ "$ip" == "0.0.0.0" -o "$ip" == "" ]
-  then
-      ifconfig $intf down
-  fi
-
-  if [ "$force" == "force" ]
-  then
-      ifdown $intf
-  else
-      ifdown $intf
-      if [ "$RROUTER" != "1" -o "$1" != "2" ]
-      then
-          ifup $intf
-          timer=0
-          log_it "checking that $intf has IP "
-          while true
-          do
-              ip=$(ifconfig $intf | grep "inet addr:" | awk '{print $2}' | awk -F: '{print $2}')
-              if [ -z $ip ]
-              then
-                  sleep 1;
-                  #waiting for the interface to setup with ip
-                  log_it "waiting for $intf interface setup with ip timer=$timer"
-              else
-                  break
-              fi
-
-              if [ $timer -gt 15 ]
-              then
-                  log_it  "interface $intf is not set up with ip... exiting";
-                  break
-              fi
-
-              timer=`expr $timer + 1`
-          done
-      fi
-  fi
-}
-
-setup_interface_ipv6() {
-  sysctl net.ipv6.conf.all.disable_ipv6=0
-  sysctl net.ipv6.conf.all.forwarding=1
-  sysctl net.ipv6.conf.all.accept_ra=1
-
-  sed  -i "s/net.ipv6.conf.all.disable_ipv6 =.*$/net.ipv6.conf.all.disable_ipv6 = 0/" /etc/sysctl.conf
-  sed  -i "s/net.ipv6.conf.all.forwarding =.*$/net.ipv6.conf.all.forwarding = 1/" /etc/sysctl.conf
-  sed  -i "s/net.ipv6.conf.all.accept_ra =.*$/net.ipv6.conf.all.accept_ra = 1/" /etc/sysctl.conf
-
-  local intfnum=$1
-  local ipv6="$2"
-  local prelen="$3"
-  local intf=eth${intfnum}
-
-  echo "iface $intf inet6 static" >> /etc/network/interfaces
-  echo "  address $ipv6 " >> /etc/network/interfaces
-  echo "  netmask $prelen" >> /etc/network/interfaces
-  echo "  accept_ra 1" >> /etc/network/interfaces
-  ifdown $intf
-  ifup $intf
-}
-
-enable_fwding() {
-  local enabled=$1
-  log_it "cloud: enable_fwding = $1"
-  log_it "enable_fwding = $1"
-  echo "$1" > /proc/sys/net/ipv4/ip_forward
-  [ -f /etc/iptables/iptables.conf ] && sed  -i "s/ENABLE_ROUTING=.*$/ENABLE_ROUTING=$enabled/" /etc/iptables/iptables.conf && return
-}
-
-disable_rpfilter() {
-  log_it "cloud: disable rp_filter"
-  log_it "disable rpfilter"
-  sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf 
-}
-
-get_public_vif_list() {
-  local vif_list=""
-  for i in /sys/class/net/eth*; do
-    vif=$(basename $i);
-    if [ "$vif" != "eth0" ] && [ "$vif" != "eth1" ]
-    then
-      vif_list="$vif_list $vif";
     fi
-  done
-  
-  echo $vif_list
-}
-
-disable_rpfilter_domR() {
-  log_it "cloud: Tuning rp_filter on public interfaces"
-  
-  VIF_LIST=$(get_public_vif_list)
-  log_it "rpfilter public interfaces :  $VIF_LIST"
-  if [ "$DISABLE_RP_FILTER" == "true" ]
-  then
-      log_it "cloud: disable rp_filter on public interfaces"
-      sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf 
-      echo "0" > /proc/sys/net/ipv4/conf/default/rp_filter
-      for vif in $VIF_LIST; do
-         log_it "cloud: disable rp_filter on public interface: $vif"
-         sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 0/" /etc/sysctl.conf 
-         echo "0" > /proc/sys/net/ipv4/conf/$vif/rp_filter
-      done
-  else
-      log_it "cloud: enable rp_filter on public interfaces"
-      sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 1/" /etc/sysctl.conf 
-      echo "1" > /proc/sys/net/ipv4/conf/default/rp_filter
-      for vif in $VIF_LIST; do
-         log_it "cloud: enable rp_filter on public interface: $vif"
-         sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 1/" /etc/sysctl.conf 
-         echo "1" > /proc/sys/net/ipv4/conf/$vif/rp_filter
-      done
-  fi
-  log_it "cloud: Enabling rp_filter on Non-public interfaces(eth0,eth1,lo)"
-  echo "1" > /proc/sys/net/ipv4/conf/eth0/rp_filter
-  echo "1" > /proc/sys/net/ipv4/conf/eth1/rp_filter
-  echo "1" > /proc/sys/net/ipv4/conf/lo/rp_filter
-}
-
-enable_irqbalance() {
-  local enabled=$1
-  local proc=0
-
-  proc=$(cat /proc/cpuinfo | grep "processor" | wc -l)
-  if [ $proc -le 1 ]  && [ $enabled -eq 1 ]
-  then
-    enabled=0
-  fi
-
-  log_it "Processors = $proc  Enable service ${svc} = $enabled"
-  local cfg=/etc/default/irqbalance
-  [ -f $cfg ] && sed  -i "s/ENABLED=.*$/ENABLED=$enabled/" $cfg && return
-}
-
-disable_hvc() {
-  [ ! -d /proc/xen ] && sed -i 's/^vc/#vc/' /etc/inittab && telinit q
-  [  -d /proc/xen ] && sed -i 's/^#vc/vc/' /etc/inittab && telinit q
-}
-
-enable_vpc_rpsrfs() {
-    local enable=$1
-    if [ $enable -eq 0 ]
-    then
-        echo 0 > /etc/rpsrfsenable
-    else
-        echo 1 > /etc/rpsrfsenable
-    fi
-
-    return 0
-}
-
-enable_rpsrfs() {
-  local enable=$1
-
-  if [ $enable -eq 0 ]
-  then
-      echo 0 > /etc/rpsrfsenable
-      return 0
-  fi
-
-  if [ ! -f /sys/class/net/eth0/queues/rx-0/rps_cpus ]
-  then
-      echo "rps is not enabled in the kernel"
-      echo 0 > /etc/rpsrfsenable
-      return 0
-  fi
-
-  proc=$(cat /proc/cpuinfo | grep "processor" | wc -l)
-  if [ $proc -le 1 ]
-  then
-      echo 0 > /etc/rpsrfsenable
-      return 0;
-  fi
-
-  echo 1 > /etc/rpsrfsenable
-  num=1
-  num=$(($num<<$proc))
-  num=$(($num-1));
-  echo $num;
-  hex=$(printf "%x\n" $num)
-  echo $hex;
-  #enable rps
-  echo $hex > /sys/class/net/eth0/queues/rx-0/rps_cpus
-  echo $hex > /sys/class/net/eth2/queues/rx-0/rps_cpus
 
-  #enble rfs
-  echo 256 > /proc/sys/net/core/rps_sock_flow_entries
-  echo 256 > /sys/class/net/eth0/queues/rx-0/rps_flow_cnt
-  echo 256 > /sys/class/net/eth2/queues/rx-0/rps_flow_cnt
-}
-
-setup_common() {
-  init_interfaces $1 $2 $3
-  if [ -n "$ETH0_IP" ]
-  then
-    setup_interface "0" $ETH0_IP $ETH0_MASK $GW
-  fi
-  if [ -n "$ETH0_IP6" ]
-  then
-      setup_interface_ipv6 "0" $ETH0_IP6 $ETH0_IP6_PRELEN
-  fi
-  setup_interface "1" $ETH1_IP $ETH1_MASK $GW
-  if [ -n "$ETH2_IP" ]
-  then
-    setup_interface "2" $ETH2_IP $ETH2_MASK $GW
-  fi
-   
-  echo $NAME > /etc/hostname
-  echo 'AVAHI_DAEMON_DETECT_LOCAL=0' > /etc/default/avahi-daemon
-  hostnamectl set-hostname $NAME
-  
-  #Nameserver
-  sed -i -e "/^nameserver.*$/d" /etc/resolv.conf # remove previous entries
-  sed -i -e "/^nameserver.*$/d" /etc/dnsmasq-resolv.conf # remove previous entries
-  if [ -n "$internalNS1" ]
-  then
-    echo "nameserver $internalNS1" > /etc/dnsmasq-resolv.conf
-    echo "nameserver $internalNS1" > /etc/resolv.conf
-  fi
-  
-  if [ -n "$internalNS2" ]
-  then
-    echo "nameserver $internalNS2" >> /etc/dnsmasq-resolv.conf
-    echo "nameserver $internalNS2" >> /etc/resolv.conf
-  fi
-  if [ -n "$NS1" ]
-  then
-    echo "nameserver $NS1" >> /etc/dnsmasq-resolv.conf
-    echo "nameserver $NS1" >> /etc/resolv.conf
-  fi
-  
-  if [ -n "$NS2" ]
-  then
-    echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf
-    echo "nameserver $NS2" >> /etc/resolv.conf
-  fi
-
-  if [ -n "$IP6_NS1" ]
-  then
-    echo "nameserver $IP6_NS1" >> /etc/dnsmasq-resolv.conf
-    echo "nameserver $IP6_NS1" >> /etc/resolv.conf
-  fi
-  if [ -n "$IP6_NS2" ]
-  then
-    echo "nameserver $IP6_NS2" >> /etc/dnsmasq-resolv.conf
-    echo "nameserver $IP6_NS2" >> /etc/resolv.conf
-  fi
-
-  if [ -n "$MGMTNET"  -a -n "$LOCAL_GW" ]
-  then
-    ip route add $MGMTNET via $LOCAL_GW dev eth1
-  fi
-
-  ip route delete default
-  if [ "$RROUTER" != "1" ]
-  then
-    gwdev=$3
-    if [ -z "$gwdev" ]
-    then
-      gwdev="eth0"
-    fi
-
-    ip route add default via $GW dev $gwdev
-
-  fi
- 
-  # a hacking way to activate vSwitch under VMware
-  ping -n -c 3 $GW &
-  sleep 3
-  pkill ping
-  if [ -n "$MGMTNET"  -a -n "$LOCAL_GW" ]
-  then
-      ping -n -c 3 $LOCAL_GW &
-      sleep 3
-      pkill ping
-      #This code is added to address ARP issue by pinging MGMT_GW
-      MGMT_GW=$(echo $MGMTNET | awk -F "." '{print $1"."$2"."$3".1"}')
-      ping -n -c 3 $MGMT_GW &
-      sleep 3
-      pkill ping
-  
-  fi
-
-  local hyp=$(hypervisor)
-  if [ "$hyp" == "vmware" ]; then
-      ntpq -p &> /dev/null || vmware-toolbox-cmd timesync enable
-  fi
-}
-
-setup_dnsmasq() {
-  log_it "Setting up dnsmasq"
-
-  touch /etc/dhcpopts.txt
-
-  [ -z $DHCP_RANGE ] && [ $ETH0_IP ] && DHCP_RANGE=$ETH0_IP
-  [ $ETH0_IP6 ] && DHCP_RANGE_IP6=$ETH0_IP6
-  [ -z $DOMAIN ] && DOMAIN="cloudnine.internal"
-  #removing the dnsmasq multiple ranges config file.
-  rm /etc/dnsmasq.d/multiple_ranges.conf
-
-  #get the template
-  cp /etc/dnsmasq.conf.tmpl /etc/dnsmasq.conf
-  
-  if [ -n "$DOMAIN" ]
-  then
-        #send domain name to dhcp clients
-        sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\"$DOMAIN\"/ /etc/dnsmasq.conf
-        #DNS server will append $DOMAIN to local queries
-        sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf
-        #answer all local domain queries
-        sed  -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf
-  fi
-  
-  if [ -n  "$DNS_SEARCH_ORDER" ]
-  then
-      sed -i -e "/^[#]*dhcp-option.*=119.*$/d" /etc/dnsmasq.conf
-      echo "dhcp-option-force=119,$DNS_SEARCH_ORDER" >> /etc/dnsmasq.conf
-      # set the domain search order as a space seprated list for option 15
-      DNS_SEARCH_ORDER=$(echo $DNS_SEARCH_ORDER | sed 's/,/ /g')
-      #send domain name to dhcp clients 
-      sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\""$DNS_SEARCH_ORDER"\"/ /etc/dnsmasq.conf
-  fi
-  
-  if [ $DHCP_RANGE ]
-  then
-    sed -i -e "s/^dhcp-range_ip4=.*$/dhcp-range=$DHCP_RANGE,static/" /etc/dnsmasq.conf
-  else
-    sed -i -e "s/^dhcp-range_ip4=.*$//" /etc/dnsmasq.conf
-  fi
-  if [ $DHCP_RANGE_IP6 ]
-  then
-    sed -i -e "s/^dhcp-range_ip6=.*$/dhcp-range=$DHCP_RANGE_IP6,static/" /etc/dnsmasq.conf
-    # For nondefault6 tagged host, don't send dns-server information
-    sed -i /nondefault6/d /etc/dnsmasq.conf
-    echo "dhcp-option=nondefault6,option6:dns-server" >> /etc/dnsmasq.conf
-  else
-    sed -i -e "s/^dhcp-range_ip6=.*$//" /etc/dnsmasq.conf
-  fi
-
-  if [ "$RROUTER" == "1" ]
-  then
-    DEFAULT_GW=$GUEST_GW
-    INTERNAL_DNS=$GUEST_GW
-  else
-    if [ "$TYPE" == "dhcpsrvr" ]
-    then
-      DEFAULT_GW=$GW
-    else
-      DEFAULT_GW=$ETH0_IP
-    fi
-    INTERNAL_DNS=$ETH0_IP
-  fi
-  sed -i -e "/^[#]*dhcp-option=option:router.*$/d" /etc/dnsmasq.conf
-  [ $DEFAULT_GW ] && echo "dhcp-option=option:router,$DEFAULT_GW" >> /etc/dnsmasq.conf
-
-  [ $ETH0_IP ] && [ $NS1 ] && NS="$NS1,"
-  [ $ETH0_IP ] && [ $NS2 ] && NS="$NS$NS2,"
-  [ $ETH0_IP6 ] && [ $IP6_NS1 ] && NS6="[$IP6_NS1],"
-  [ $ETH0_IP6 ] && [ $IP6_NS2 ] && NS6="$NS6[$IP6_NS2],"
-  #for now set up ourself as the dns server as well
-  sed -i -e "/^[#]*dhcp-option=6,.*$/d" /etc/dnsmasq.conf
-  sed -i -e "/^[#]*dhcp-option=option6:dns-server,.*$/d" /etc/dnsmasq.conf
-  if [ "$USE_EXTERNAL_DNS" != "true" ]
-  then
-    [ $ETH0_IP ] && NS="$INTERNAL_DNS,$NS"
-    [ $ETH0_IP6 ] && NS6="[::],$NS6"
-    # enable dns
-    sed -i -e "/^[#]*port=.*$/d" /etc/dnsmasq.conf
-  else
-    # disable dns
-    sed -i -e "/^[#]*port=.*$/d" /etc/dnsmasq.conf
-    echo "port=0" >> /etc/dnsmasq.conf
-  fi
-  NS=${NS%?}
-  NS6=${NS6%?}
-  [ $ETH0_IP ] && echo "dhcp-option=6,$NS" >> /etc/dnsmasq.conf
-  [ $ETH0_IP6 ] && echo "dhcp-option=option6:dns-server,$NS6" >> /etc/dnsmasq.conf
-#adding the name data-server to the /etc/hosts for allowing the access to user-data service and ssh-key reset in every subnet.
-#removing the existing entires to avoid duplicates on restarts.
-  sed -i  '/data-server/d' /etc/hosts
-  if [ -n "$ETH0_IP" ]
-          then
-           echo "$ETH0_IP data-server" >> /etc/hosts
-  fi
-  if [ -n "$ETH0_IP6" ]
-      then
-       echo "$ETH0_IP6 data-server" >> /etc/hosts
-  fi
-#add the dhcp-client-update only if dnsmasq version is 2.6 and above
-  dnsmasqVersion=$(dnsmasq -v |  grep version -m 1 | grep -o  "[[:digit:]]\.[[:digit:]]")
-  major=$(echo "$dnsmasqVersion" | cut -d '.' -f 1)
-  minor=$(echo "$dnsmasqVersion" | cut -d '.' -f 2)
-  if [ "$major" -eq '2' -a  "$minor" -ge '6' ] || [ "$major" -gt '2' ]
-  then
-      sed -i -e "/^dhcp-client-update/d" /etc/dnsmasq.conf
-      echo 'dhcp-client-update' >> /etc/dnsmasq.conf
-  fi
-
-  command -v dhcp_release > /dev/null 2>&1
-  no_dhcp_release=$?
-  if [ $no_dhcp_release -eq 0 -a -z "$ETH0_IP6" ]
-  then
-      echo 1 > /var/cache/cloud/dnsmasq_managed_lease
-      sed -i -e "/^leasefile-ro/d" /etc/dnsmasq.conf
-  else
-      echo 0 > /var/cache/cloud/dnsmasq_managed_lease
-  fi
-}
-
-setup_sshd(){
-  local ip=$1
-  local eth=$2
-  [ -f /etc/ssh/sshd_config ] && sed -i -e "s/^[#]*ListenAddress.*$/ListenAddress $ip/" /etc/ssh/sshd_config
-  sed -i "/3922/s/eth./$eth/" /etc/iptables/rules.v4
-  sed -i "/3922/s/eth./$eth/" /etc/iptables/rules
-  systemctl restart sshd
-}
-
-
-setup_vpc_apache2() {
-  log_it "Setting up apache web server for VPC"
-  systemctl disable apache2
-  clean_ipalias_config
-  setup_apache2_common
-}
-
-
-clean_ipalias_config() {
-  # Old
-  rm -f /etc/apache2/conf.d/ports.*.meta-data.conf
-  rm -f /etc/apache2/sites-available/ipAlias*
-  rm -f /etc/apache2/sites-enabled/ipAlias*
-  rm -f /etc/apache2/conf.d/vhost*.conf
-  rm -f /etc/apache2/ports.conf
-  rm -f /etc/apache2/vhostexample.conf
-  rm -f /etc/apache2/sites-available/default
-  rm -f /etc/apache2/sites-available/default-ssl
-  rm -f /etc/apache2/sites-enabled/default
-  rm -f /etc/apache2/sites-enabled/default-ssl
-
-  # New
-  rm -f /etc/apache2/sites-enabled/vhost-*.conf
-  rm -f /etc/apache2/sites-enabled/000-default
-
-  rm -rf /etc/failure_config
-}
-
-setup_apache2_common() {
-  sed -i 's/^Include ports.conf.*/# CS: Done by Python CsApp config\n#Include ports.conf/g' /etc/apache2/apache2.conf
-  [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerTokens .*/ServerTokens Prod/g" /etc/apache2/conf.d/security
-  [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerSignature .*/ServerSignature Off/g" /etc/apache2/conf.d/security
-
-  # Disable listing of http://SSVM-IP/icons folder for security issue. see article http://www.i-lateral.com/tutorials/disabling-the-icons-folder-on-an-ubuntu-web-server/
-  [ -f /etc/apache2/mods-available/alias.conf ] && sed -i s/"Options Indexes MultiViews"/"Options -Indexes MultiViews"/ /etc/apache2/mods-available/alias.conf
-
-  echo "Options -Indexes" > /var/www/html/.htaccess
-}
-
-setup_apache2() {
-  log_it "Setting up apache web server"
-  clean_ipalias_config
-  setup_apache2_common
-  local ip=$1
-}
-
-setup_aesni() {
-  if [ `grep aes /proc/cpuinfo | wc -l` -gt 0 ]
-  then
-    modprobe aesni_intel
-  fi
-}
-
-load_modules() {
-
- #load nf modules for ftp
- modprobe nf_nat_ftp
- modprobe nf_conntrack_ftp
-}
-
-setup_router() {
-  log_it "Setting up virtual router system vm"
-
-   #To save router public interface and gw ip information
-   touch /var/cache/cloud/ifaceGwIp
-
-  oldmd5=
-  [ -f "/etc/udev/rules.d/70-persistent-net.rules" ] && oldmd5=$(md5sum "/etc/udev/rules.d/70-persistent-net.rules" | awk '{print $1}')
-  
-  if [ -n "$ETH2_IP" ]
-  then
-      setup_common eth0 eth1 eth2
-      
-      if [ -n "$EXTRA_PUBNICS" ]
-      then
-        for((i = 3; i < 3 + $EXTRA_PUBNICS; i++))
-        do
-            setup_interface "$i" "0.0.0.0" "255.255.255.255" $GW "force"
-        done
-      fi
-  else
-    setup_common eth0 eth1
-      if [ -n "$EXTRA_PUBNICS" ]
-      then
-        for((i = 2; i < 2 + $EXTRA_PUBNICS; i++))
-        do
-            setup_interface "$i" "0.0.0.0" "255.255.255.255" $GW "force"
-        done
-      fi
-  fi
- 
-  # Moved to Cs Python code 
-  #if [ -n "$ETH2_IP" -a "$RROUTER" == "1" ]
-  #then
-    #setup_redundant_router
-  #fi
-  
-  log_it "Checking udev NIC assignment order changes"
-  if [ "$NIC_MACS" != "" ]
-  then
-    init_interfaces_orderby_macs "$NIC_MACS" "/tmp/interfaces" "/tmp/udev-rules"
-    newmd5=$(md5sum "/tmp/udev-rules" | awk '{print $1}')
-    rm /tmp/interfaces
-    rm /tmp/udev-rules
-    
-    if [ "$oldmd5" != "$newmd5" ]
-    then
-      log_it "udev NIC assignment requires reboot to take effect"
-      sync
-      sleep 2
-      reboot
-    fi
-  fi
-  
-  setup_aesni
-  setup_dnsmasq
-  setup_apache2 $ETH0_IP
-
-  sed -i  /gateway/d /etc/hosts
-  echo "$ETH0_IP $NAME" >> /etc/hosts
-
-
-  systemctl enable dnsmasq haproxy cloud-passwd-srvr
-  systemctl restart dnsmasq haproxy cloud-passwd-srvr
-  enable_irqbalance 1
-  disable_rpfilter_domR
-  enable_fwding 1
-  enable_rpsrfs 1
-  systemctl disable nfs-common
-  cp /etc/iptables/iptables-router /etc/iptables/rules.v4
-#for old templates
-  cp /etc/iptables/iptables-router /etc/iptables/rules
-  setup_sshd $ETH1_IP "eth1"
-  load_modules
-
-  #Only allow DNS service for current network
-  sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
-  sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
-  sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
-  sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
-
-  #setup hourly logrotate
-  mv -n /etc/cron.daily/logrotate /etc/cron.hourly 2>&1
-  
-}
-
-
-
-setup_vpcrouter() {
-  log_it "Setting up VPC virtual router system vm"
-
-  if [ -f /etc/hosts ]; then
-    grep -q $NAME /etc/hosts || echo "127.0.0.1 $NAME" >> /etc/hosts;
-  fi
-
-    cat > /etc/network/interfaces << EOF
-auto lo eth0
-iface lo inet loopback
-EOF
-  setup_interface "0" $ETH0_IP $ETH0_MASK $GW
-   
-  echo $NAME > /etc/hostname
-  echo 'AVAHI_DAEMON_DETECT_LOCAL=0' > /etc/default/avahi-daemon
-  hostnamectl set-hostname $NAME
-  
-  #Nameserver
-  sed -i -e "/^nameserver.*$/d" /etc/resolv.conf # remove previous entries
-  sed -i -e "/^nameserver.*$/d" /etc/dnsmasq-resolv.conf # remove previous entries
-  if [ -n "$internalNS1" ]
-  then
-    echo "nameserver $internalNS1" > /etc/dnsmasq-resolv.conf
-    echo "nameserver $internalNS1" > /etc/resolv.conf
-  fi
-  
-  if [ -n "$internalNS2" ]
-  then
-    echo "nameserver $internalNS2" >> /etc/dnsmasq-resolv.conf
-    echo "nameserver $internalNS2" >> /etc/resolv.conf
-  fi
-  if [ -n "$NS1" ]
-  then
-    echo "nameserver $NS1" >> /etc/dnsmasq-resolv.conf
-    echo "nameserver $NS1" >> /etc/resolv.conf
-  fi
-  
-  if [ -n "$NS2" ]
-  then
-    echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf
-    echo "nameserver $NS2" >> /etc/resolv.conf
-  fi
-  if [ -n "$MGMTNET"  -a -n "$LOCAL_GW" ]
-  then
-     if [ "$hyp" == "vmware" ] || [ "$hyp" == "hyperv" ];
-     then
-         ip route add $MGMTNET via $LOCAL_GW dev eth0
-         
-          # a hacking way to activate vSwitch under VMware
-         ping -n -c 3 $LOCAL_GW &
-         sleep 3
-         pkill ping
-     fi
-  fi
-
-  ip route delete default
-  # create route table for static route
-
-  sudo echo "252 static_route" >> /etc/iproute2/rt_tables 2>/dev/null
-  sudo echo "251 static_route_back" >> /etc/iproute2/rt_tables 2>/dev/null
-  sudo ip rule add from $VPCCIDR table static_route 2>/dev/null
-  sudo ip rule add from $VPCCIDR table static_route_back 2>/dev/null
-
-  setup_vpc_apache2
-
-  systemctl enable dnsmasq haproxy cloud-passwd-srvr
-  enable_irqbalance 1
-  enable_vpc_rpsrfs 1
-  disable_rpfilter
-  enable_fwding 1
-  cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules.v4
-  cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules
-  setup_sshd $ETH0_IP "eth0"
-  cp /etc/vpcdnsmasq.conf /etc/dnsmasq.conf
-  cp /etc/cloud-nic.rules /etc/udev/rules.d/cloud-nic.rules
-  echo "" > /etc/dnsmasq.d/dhcphosts.txt
-  echo "dhcp-hostsfile=/etc/dhcphosts.txt" > /etc/dnsmasq.d/cloud.conf
-
-  [ -z $DOMAIN ] && DOMAIN="cloudnine.internal"
-  #DNS server will append $DOMAIN to local queries
-  sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf
-  #answer all local domain queries
-  sed  -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf
-
-  command -v dhcp_release > /dev/null 2>&1
-  no_dhcp_release=$?
-  if [ $no_dhcp_release -eq 0 ]
-  then
-      echo 1 > /var/cache/cloud/dnsmasq_managed_lease
-      sed -i -e "/^leasefile-ro/d" /etc/dnsmasq.conf
-  else
-      echo 0 > /var/cache/cloud/dnsmasq_managed_lease
-  fi
-  load_modules
-
-  systemctl restart dnsmasq haproxy cloud-passwd-srvr
-
-  #setup hourly logrotate
-  mv -n /etc/cron.daily/logrotate /etc/cron.hourly 2>&1
-
-}
-
-
-
-setup_dhcpsrvr() {
-  log_it "Setting up dhcp server system vm"
-  setup_common eth0 eth1
-  setup_dnsmasq
-  setup_apache2 $ETH0_IP
-
-  sed -i  /gateway/d /etc/hosts
-  [ $ETH0_IP ] && echo "$ETH0_IP $NAME" >> /etc/hosts
-  [ $ETH0_IP6 ] && echo "$ETH0_IP6 $NAME" >> /etc/hosts
-
-  systemctl enable dnsmasq cloud-passwd-srvr
-  systemctl restart dnsmasq cloud-passwd-srvr
-  enable_irqbalance 0
-  enable_fwding 0
-  systemctl disable nfs-common
-
-  cp /etc/iptables/iptables-router /etc/iptables/rules.v4
-  cp /etc/iptables/iptables-router /etc/iptables/rules
-
-  #Only allow DNS service for current network
-  sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
-  sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
-  sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
-  sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
-
-  if [ "$SSHONGUEST" == "true" ]
-  then
-    setup_sshd $ETH0_IP "eth0"
-  else
-    setup_sshd $ETH1_IP "eth1"
-  fi
-}
-
-setup_storage_network() {
-    if [ x"$STORAGE_IP" == "x" -o x"$STORAGE_NETMASK" == "x" ]
-    then
-        log_it "Incompleted parameters STORAGE_IP:$STORAGE_IP, STORAGE_NETMASK:$STORAGE_NETMASK, STORAGE_CIDR:$STORAGE_CIDR. Cannot setup storage network"
-        return
-    fi
-
-    echo "" >> /etc/network/interfaces
-    echo "auto eth3" >> /etc/network/interfaces
-
-    setup_interface "3" "$STORAGE_IP" "$STORAGE_NETMASK"
-    [ -n "$MTU" ] && ifconfig eth3 mtu $MTU && echo "  mtu $MTU" >> /etc/network/interfaces
-    #ip route add "$STORAGE_CIDR" via "$STORAGE_IP"
-    log_it "Successfully setup storage network with STORAGE_IP:$STORAGE_IP, STORAGE_NETMASK:$STORAGE_NETMASK, STORAGE_CIDR:$STORAGE_CIDR"
-}
-
-setup_system_rfc1918_internal() {
-  public_ip=`getPublicIp`
-  echo "$public_ip" | grep -E "^((127\.)|(10\.)|(172\.1[6-9]\.)|(172\.2[0-9]\.)|(172\.3[0-1]\.)|(192\.168\.))"
-  if [ "$?" == "0" ]; then
-     log_it "Not setting up route of RFC1918 space to $LOCAL_GW befause $public_ip is RFC1918."
-  else
-     log_it "Setting up route of RFC1918 space to $LOCAL_GW"
-     # Setup general route for RFC 1918 space, as otherwise it will be sent to
-     # the public gateway and not work
-     # More specific routes that may be set have preference over this generic route.
-     ip route add 10.0.0.0/8 via $LOCAL_GW
-     ip route add 172.16.0.0/12 via $LOCAL_GW
-     ip route add 192.168.0.0/16 via $LOCAL_GW
-  fi
-}
-
-getPublicIp() {
-  public_ip=$ETH2_IP
-  [ "$ETH2_IP" == "0.0.0.0" ] && public_ip=$ETH1_IP
-  echo $public_ip
-}
-
-setup_ntp() {
-    log_it "Setting up NTP"
-    NTP_CONF_FILE="/etc/ntp.conf"
-    if [ -f $NTP_CONF_FILE ]
-    then
-        IFS=',' read -a server_list <<< "$NTP_SERVER_LIST"
-        for (( iterator=${#server_list[@]}-1 ; iterator>=0 ; iterator-- ))
-        do
-            server=$(echo ${server_list[iterator]} | tr -d '\r')
-            PATTERN="server $server"
-            if grep -q "^$PATTERN$" $NTP_CONF_FILE ; then
-                sed -i "/^$PATTERN$/d" $NTP_CONF_FILE
-            fi
-            sed -i "0,/^server/s//$PATTERN\nserver/" $NTP_CONF_FILE
-        done
-        systemctl restart ntp
-    else
-        log_it "NTP configuration file not found"
-    fi
-}
-
-setup_secstorage() {
-  log_it "Setting up secondary storage system vm"
-  sysctl vm.min_free_kbytes=8192
-  local hyp=$1
-  setup_common eth0 eth1 eth2
-  setup_storage_network
-  setup_system_rfc1918_internal
-  sed -i  /gateway/d /etc/hosts
-  public_ip=`getPublicIp`
-  echo "$public_ip $NAME" >> /etc/hosts
-
-  cp /etc/iptables/iptables-secstorage /etc/iptables/rules.v4
-  cp /etc/iptables/iptables-secstorage /etc/iptables/rules
-  if [ "$hyp" == "vmware" ] || [ "$hyp" == "hyperv" ]; then
-    setup_sshd $ETH1_IP "eth1"
-  else
-    setup_sshd $ETH0_IP "eth0"
-  fi
-  setup_apache2 $ETH2_IP
-
-  # Deprecated, should move to Cs Python all of it
-  sed -e "s/<VirtualHost .*:80>/<VirtualHost $ETH2_IP:80>/" \
-    -e "s/<VirtualHost .*:443>/<VirtualHost $ETH2_IP:443>/" \
-    -e "s/Listen .*:80/Listen $ETH2_IP:80/g" \
-    -e "s/Listen .*:443/Listen $ETH2_IP:443/g" \
-    -e "s/NameVirtualHost .*:80/NameVirtualHost $ETH2_IP:80/g" /etc/apache2/vhost.template > /etc/apache2/sites-enabled/vhost-${ETH2_IP}.conf
-
-  log_it "setting up apache2 for post upload of volume/template"
-  a2enmod proxy
-  a2enmod proxy_http
-  a2enmod headers
-
-  cat >/etc/apache2/cors.conf <<CORS
-RewriteEngine On
-RewriteCond %{HTTPS} =on
-RewriteCond %{REQUEST_METHOD} =POST
-RewriteRule ^/upload/(.*) http://127.0.0.1:8210/upload?uuid=\$1 [P,L]
-Header always set Access-Control-Allow-Origin "*"
-Header always set Access-Control-Allow-Methods "POST, OPTIONS"
-Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token, x-signature, x-metadata, x-expires"
-CORS
-
-  disable_rpfilter
-  enable_fwding 0
-  systemctl disable haproxy dnsmasq cloud-passwd-srvr
-  systemctl enable cloud apache2
-  systemctl restart cloud apache2
-  enable_irqbalance 0
-  rm /etc/logrotate.d/cloud
-  setup_ntp
-}
-
-setup_console_proxy() {
-  log_it "Setting up console proxy system vm"
-  local hyp=$1
-  setup_common eth0 eth1 eth2
-  setup_system_rfc1918_internal
-  public_ip=`getPublicIp`
-  sed -i  /gateway/d /etc/hosts
-  echo "$public_ip $NAME" >> /etc/hosts
-  cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules.v4
-  cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules
-  if [ "$hyp" == "vmware" ] || [ "$hyp" == "hyperv" ]; then
-    setup_sshd $ETH1_IP "eth1"
-  else
-    setup_sshd $ETH0_IP "eth0"
+    log_it "Patching cloud service"
+    /opt/cloud/bin/setup/patchsystemvm.sh $PATCH_MOUNT $HYPERVISOR $TYPE
+    umount $PATCH_MOUNT
   fi
 
-  systemctl enable cloud
-  disable_rpfilter
-  enable_fwding 0
-  enable_irqbalance 0
-  systemctl disable nfs-common
-  rm /etc/logrotate.d/cloud
-}
-
-setup_elbvm() {
-  log_it "Setting up Elastic Load Balancer system vm"
-  local hyp=$1
-  setup_common eth0 eth1
-  sed -i  /gateway/d /etc/hosts
-  public_ip=$ETH2_IP
-  [ "$ETH2_IP" == "0.0.0.0" ] || [ "$ETH2_IP" == "" ] && public_ip=$ETH0_IP
-  echo "$public_ip $NAME" >> /etc/hosts
-
-  cp /etc/iptables/iptables-elbvm /etc/iptables/rules.v4
-  cp /etc/iptables/iptables-elbvm /etc/iptables/rules
-  if [ "$SSHONGUEST" == "true" ]
-  then
-    setup_sshd $ETH0_IP "eth0"
-  else
-    setup_sshd $ETH1_IP "eth1"
+  if [ -f /mnt/cmdline ]; then
+    cat /mnt/cmdline > /var/cache/cloud/cmdline
   fi
-  
-  enable_fwding 0
-  enable_irqbalance 0
-  systemctl disable nfs-common
-  systemctl disable portmap
-}
-
-setup_ilbvm() {
-  log_it "Setting up Internal Load Balancer system vm"
-  local hyp=$1
-  setup_common eth0 eth1
-  #eth0 = guest network, eth1=control network
 
-  sed -i  /$NAME/d /etc/hosts
-  echo "$ETH0_IP $NAME" >> /etc/hosts
-
-  cp /etc/iptables/iptables-ilbvm /etc/iptables/rules.v4
-  cp /etc/iptables/iptables-ilbvm /etc/iptables/rules
-  setup_sshd $ETH1_IP "eth1"
-  
-  enable_fwding 0
-  systemctl enable haproxy
-  enable_irqbalance 1
-  systemctl disable nfs-common
-  systemctl disable portmap
+  return 0
 }
 
-setup_default() {
-  cat > /etc/network/interfaces << EOF
-auto lo
-iface lo inet loopback
-EOF
-  cp -f /etc/iptables/rt_tables_init /etc/iproute2/rt_tables
-}
 
-change_password() {
-    if [ x"$VM_PASSWORD" != x"" ]
-    then
-        echo "root:$VM_PASSWORD" | chpasswd
-    fi
-}
 
 start() {
   # Clear /tmp for file lock
   rm -f /tmp/*.lock
   rm -f /tmp/rrouter_bumped
-  local hyp=$(hypervisor)
+
+  export HYPERVISOR=$(hypervisor)
   [ $? -ne 0 ] && log_it "Failed to detect hypervisor type, bailing out of early init" && exit 10
-  log_it "Detected that we are running inside $hyp guest"
+  log_it "Detected that we are running inside $HYPERVISOR"
+
+  config_guest
   get_boot_params
   patch
-  patch_log4j
-  parse_cmd_line
-  change_password
-  case $TYPE in 
-     router)
-         [ "$NAME" == "" ] && NAME=router
-         setup_router
-         if [ -x /opt/cloud/bin/update_config.py ]
-         then
-             /opt/cloud/bin/update_config.py cmd_line.json
-         fi
-      ;;
-     vpcrouter)
-         [ "$NAME" == "" ] && NAME=vpcrouter
-         setup_vpcrouter
-         if [ -x /opt/cloud/bin/update_config.py ]
-         then
-             /opt/cloud/bin/update_config.py cmd_line.json
-         fi
-      ;;
-     dhcpsrvr)
-         [ "$NAME" == "" ] && NAME=dhcpsrvr
-         setup_dhcpsrvr
-         if [ -x /opt/cloud/bin/update_config.py ]
-         then
-             /opt/cloud/bin/update_config.py cmd_line.json
-         fi
-      ;;
-     secstorage)
-         [ "$NAME" == "" ] && NAME=secstorage
-         setup_secstorage $hyp;
-      ;;
-     consoleproxy)
-         [ "$NAME" == "" ] && NAME=consoleproxy
-         setup_console_proxy $hyp;
-      ;;
-     elbvm)
-         [ "$NAME" == "" ] && NAME=elb
-         setup_elbvm
-      ;;
-     ilbvm)
-         [ "$NAME" == "" ] && NAME=ilb
-         setup_ilbvm
-      ;;
-     unknown)
-         [ "$NAME" == "" ] && NAME=systemvm
-         setup_default;
-          ;;
-  esac
 
-  if [ "$hyp" == "hyperv" ]; then
-     # eject the systemvm.iso
-     eject
+  if [ -f "/opt/cloud/bin/setup/$TYPE.sh" ]; then
+      /opt/cloud/bin/setup/$TYPE.sh
+  else
+      /opt/cloud/bin/setup/default.sh
   fi
 
   return 0
 }
 
-disable_hvc
-
-parse_cmd_line() {
-CMDLINE=$(cat /var/cache/cloud/cmdline)
-TYPE="unknown"
-BOOTPROTO="static"
-DISABLE_RP_FILTER="false"
-STORAGE_IP=""
-STORAGE_NETMASK=""
-STORAGE_CIDR=""
-VM_PASSWORD=""
-
-CHEF_TMP_FILE=/tmp/cmdline.json
-COMMA="\t"
-echo -e "{\n\"type\": \"cmdline\"," > ${CHEF_TMP_FILE}
-echo -e "\n\"cmd_line\": {" >> ${CHEF_TMP_FILE}
-
-for i in $CMDLINE
-  do
-    # search for foo=bar pattern and cut out foo
-    KEY=$(echo $i | cut -d= -f1)
-    VALUE=$(echo $i | cut -d= -f2)
-    echo -en ${COMMA} >> ${CHEF_TMP_FILE}
-    # Two lines so values do not accidently interpretted as escapes!!
-    echo -n \"${KEY}\"': '\"${VALUE}\" >> ${CHEF_TMP_FILE}
-    COMMA=",\n\t"
-    case $KEY in 
-      disable_rp_filter)
-          DISABLE_RP_FILTER=$VALUE
-          ;;
-      eth0ip)
-          ETH0_IP=$VALUE
-          ;;
-      eth1ip)
-          ETH1_IP=$VALUE
-          ;;
-      eth2ip)
-          ETH2_IP=$VALUE
-          ;;
-      host)
-          MGMT_HOST=$VALUE
-          ;;
-      gateway)
-          GW=$VALUE
-          ;;
-      ip6gateway)
-          IP6GW=$VALUE
-          ;;
-      eth0mask)
-          ETH0_MASK=$VALUE
-          ;;
-      eth1mask)
-          ETH1_MASK=$VALUE
-          ;;
-      eth2mask)
-          ETH2_MASK=$VALUE
-          ;;
-      eth0ip6)
-          ETH0_IP6=$VALUE
-          ;;
-      eth0ip6prelen)
-          ETH0_IP6_PRELEN=$VALUE
-          ;;
-      internaldns1)
-          internalNS1=$VALUE
-          ;;
-      internaldns2)
-          internalNS2=$VALUE
-          ;;
-      dns1)
-          NS1=$VALUE
-          ;;
-      dns2)
-          NS2=$VALUE
-          ;;
-      ip6dns1)
-          IP6_NS1=$VALUE
-          ;;
-      ip6dns2)
-          IP6_NS2=$VALUE
-          ;;
-      domain)
-          DOMAIN=$VALUE
-          ;;
-      dnssearchorder)
-          DNS_SEARCH_ORDER=$VALUE
-          ;;
-      useextdns)
-        USE_EXTERNAL_DNS=$VALUE
-          ;;
-      mgmtcidr)
-          MGMTNET=$VALUE
-          ;;
-      localgw)
-          LOCAL_GW=$VALUE
-          ;;
-      template)
-        TEMPLATE=$VALUE
-        ;;
-      sshonguest)
-        SSHONGUEST=$VALUE
-        ;;
-      name)
-        NAME=$VALUE
-        ;;
-      dhcprange)
-        DHCP_RANGE=$(echo $VALUE | tr ':' ',')
-        ;;
-      bootproto)
-        BOOTPROTO=$VALUE 
-        ;;
-      type)
-        TYPE=$VALUE
-        ;;
-      defaultroute)
-        DEFAULTROUTE=$VALUE
-    ;;
-      redundant_router)
-        RROUTER=$VALUE
-        ;;
-      guestgw)
-        GUEST_GW=$VALUE
-        ;;
-      guestbrd)
-        GUEST_BRD=$VALUE
-        ;;
-      guestcidrsize)
-        GUEST_CIDR_SIZE=$VALUE
-        ;;
-      router_pr)
-        ROUTER_PR=$VALUE
-        ;;
-      extra_pubnics)
-        EXTRA_PUBNICS=$VALUE
-        ;;
-      nic_macs)
-        NIC_MACS=$VALUE
-        ;;
-      mtu)
-        MTU=$VALUE
-        ;;
-      storageip)
-        STORAGE_IP=$VALUE
-        ;;
-      storagenetmask)
-        STORAGE_NETMASK=$VALUE
-        ;;
-      storagecidr)
-        STORAGE_CIDR=$VALUE
-        ;;
-      vmpassword)
-        VM_PASSWORD=$VALUE
-        ;;
-      vpccidr)
-        VPCCIDR=$VALUE
-        ;;
-      cidrsize)
-        CIDR_SIZE=$VALUE
-        ;;
-      advert_int)
-        ADVERT_INT=$VALUE
-        ;;
-      ntpserverlist)
-        NTP_SERVER_LIST=$VALUE
-        ;;
-    esac
-done
-echo -e "\n\t}\n}" >> ${CHEF_TMP_FILE}
-if [ "$TYPE" != "unknown" ]
-then
-    mv ${CHEF_TMP_FILE} /var/cache/cloud/cmd_line.json
-fi
-
-[ $ETH0_IP ] && LOCAL_ADDRS=$ETH0_IP
-[ $ETH0_IP6 ] && LOCAL_ADDRS=$ETH0_IP6
-[ $ETH0_IP ] && [ $ETH0_IP6 ] && LOCAL_ADDRS="$ETH0_IP,$ETH0_IP6"
-}
 
 case "$1" in
-start)
-
+  start)
     log_action_begin_msg "Executing cloud-early-config"
     log_it "Executing cloud-early-config"
     if start; then
@@ -1533,16 +219,15 @@ start)
     fi
     ;;
 
-stop)
+  stop)
     log_action_begin_msg "Stopping cloud-early-config"
     #Override old system's interface setting
     setup_default;
     log_action_end_msg 0
     ;;
 
-force-reload|restart)
-
-    log_warning_msg "Running $0  is deprecated because it may not enable again some interfaces"
+  force-reload|restart)
+    log_warning_msg "Running $0 is deprecated because it may not enable again some interfaces"
     log_action_begin_msg "Executing cloud-early-config"
     if start; then
         log_action_end_msg $?
@@ -1551,7 +236,7 @@ force-reload|restart)
     fi
     ;;
 
-*)
+  *)
     echo "Usage: /etc/init.d/cloud-early-config {start|stop}"
     exit 1
     ;;
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/common.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/common.sh
new file mode 100755
index 0000000..dc45bbe
--- /dev/null
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/common.sh
@@ -0,0 +1,833 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
+
+. /lib/lsb/init-functions
+
+
+log_it() {
+  echo "$(date) $@" >> /var/log/cloud.log
+  log_action_msg "$@"
+}
+
+
+init_interfaces_orderby_macs() {
+    macs=( $(echo $1 | sed "s/|/ /g") )
+    total_nics=${#macs[@]}
+    interface_file=${2:-"/etc/network/interfaces"}
+    rule_file=${3:-"/etc/udev/rules.d/70-persistent-net.rules"}
+
+    echo -n "auto lo" > $interface_file
+    for((i=0; i<total_nics; i++))
+    do
+        if [[ $i < 3 ]] 
+        then
+           echo -n " eth$i" >> $interface_file
+        fi
+    done
+    cat >> $interface_file << EOF
+
+iface lo inet loopback
+
+EOF
+
+    echo "" > $rule_file
+    for((i=0; i < ${#macs[@]}; i++))
+    do
+        echo "SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", ATTR{address}==\"${macs[$i]}\", NAME=\"eth$i\"" >> $rule_file 
+    done
+}
+
+
+init_interfaces() {
+  if [ "$NIC_MACS" == "" ]
+  then
+    cat > /etc/network/interfaces << EOF
+auto lo $1 $2 $3
+iface lo inet loopback
+
+EOF
+  else
+    init_interfaces_orderby_macs "$NIC_MACS"
+  fi
+}
+
+
+setup_interface() {
+  local intfnum=$1
+  local ip=$2
+  local mask=$3
+  local gw=$4
+  local force=$5
+  local intf=eth${intfnum} 
+  local bootproto="static"
+
+
+  if [ "$BOOTPROTO" == "dhcp" ]
+  then
+    if [ "$intfnum" != "0" ]
+    then
+       bootproto="dhcp"
+    fi
+  fi
+
+  if [ "$ip" != "0.0.0.0" -a "$ip" != "" -o "$force" == "force" ]
+  then
+     echo "iface  $intf inet $bootproto" >> /etc/network/interfaces
+     if [ "$bootproto" == "static" ]
+     then
+       echo "  address $ip " >> /etc/network/interfaces
+       echo "  netmask $mask" >> /etc/network/interfaces
+     fi
+  fi
+
+  if [ "$ip" == "0.0.0.0" -o "$ip" == "" ]
+  then
+      ifconfig $intf down
+  fi
+
+  if [ "$force" == "force" ]
+  then
+      ifdown $intf
+  else
+      ifdown $intf
+      if [ "$RROUTER" != "1" -o "$1" != "2" ]
+      then
+          ifup $intf
+          timer=0
+          log_it "checking that $intf has IP "
+          while true
+          do
+              ip=$(ifconfig $intf | grep "inet addr:" | awk '{print $2}' | awk -F: '{print $2}')
+              if [ -z $ip ]
+              then
+                  sleep 1;
+                  #waiting for the interface to setup with ip
+                  log_it "waiting for $intf interface setup with ip timer=$timer"
+              else
+                  break
+              fi
+
+              if [ $timer -gt 15 ]
+              then
+                  log_it  "interface $intf is not set up with ip... exiting";
+                  break
+              fi
+
+              timer=`expr $timer + 1`
+          done
+      fi
+  fi
+}
+
+
+setup_interface_ipv6() {
+  sysctl net.ipv6.conf.all.disable_ipv6=0
+  sysctl net.ipv6.conf.all.forwarding=1
+  sysctl net.ipv6.conf.all.accept_ra=1
+
+  sed  -i "s/net.ipv6.conf.all.disable_ipv6 =.*$/net.ipv6.conf.all.disable_ipv6 = 0/" /etc/sysctl.conf
+  sed  -i "s/net.ipv6.conf.all.forwarding =.*$/net.ipv6.conf.all.forwarding = 1/" /etc/sysctl.conf
+  sed  -i "s/net.ipv6.conf.all.accept_ra =.*$/net.ipv6.conf.all.accept_ra = 1/" /etc/sysctl.conf
+
+  local intfnum=$1
+  local ipv6="$2"
+  local prelen="$3"
+  local intf=eth${intfnum}
+
+  echo "iface $intf inet6 static" >> /etc/network/interfaces
+  echo "  address $ipv6 " >> /etc/network/interfaces
+  echo "  netmask $prelen" >> /etc/network/interfaces
+  echo "  accept_ra 1" >> /etc/network/interfaces
+  ifdown $intf
+  ifup $intf
+}
+
+
+enable_fwding() {
+  local enabled=$1
+  log_it "cloud: enable_fwding = $1"
+  log_it "enable_fwding = $1"
+  echo "$1" > /proc/sys/net/ipv4/ip_forward
+  [ -f /etc/iptables/iptables.conf ] && sed  -i "s/ENABLE_ROUTING=.*$/ENABLE_ROUTING=$enabled/" /etc/iptables/iptables.conf && return
+}
+
+
+disable_rpfilter() {
+  log_it "cloud: disable rp_filter"
+  log_it "disable rpfilter"
+  sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf 
+}
+
+
+get_public_vif_list() {
+  local vif_list=""
+  for i in /sys/class/net/eth*; do
+    vif=$(basename $i);
+    if [ "$vif" != "eth0" ] && [ "$vif" != "eth1" ]
+    then
+      vif_list="$vif_list $vif";
+    fi
+  done
+  
+  echo $vif_list
+}
+
+
+disable_rpfilter_domR() {
+  log_it "cloud: Tuning rp_filter on public interfaces"
+  
+  VIF_LIST=$(get_public_vif_list)
+  log_it "rpfilter public interfaces :  $VIF_LIST"
+  if [ "$DISABLE_RP_FILTER" == "true" ]
+  then
+      log_it "cloud: disable rp_filter on public interfaces"
+      sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf 
+      echo "0" > /proc/sys/net/ipv4/conf/default/rp_filter
+      for vif in $VIF_LIST; do
+         log_it "cloud: disable rp_filter on public interface: $vif"
+         sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 0/" /etc/sysctl.conf 
+         echo "0" > /proc/sys/net/ipv4/conf/$vif/rp_filter
+      done
+  else
+      log_it "cloud: enable rp_filter on public interfaces"
+      sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 1/" /etc/sysctl.conf 
+      echo "1" > /proc/sys/net/ipv4/conf/default/rp_filter
+      for vif in $VIF_LIST; do
+         log_it "cloud: enable rp_filter on public interface: $vif"
+         sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 1/" /etc/sysctl.conf 
+         echo "1" > /proc/sys/net/ipv4/conf/$vif/rp_filter
+      done
+  fi
+  log_it "cloud: Enabling rp_filter on Non-public interfaces(eth0,eth1,lo)"
+  echo "1" > /proc/sys/net/ipv4/conf/eth0/rp_filter
+  echo "1" > /proc/sys/net/ipv4/conf/eth1/rp_filter
+  echo "1" > /proc/sys/net/ipv4/conf/lo/rp_filter
+}
+
+
+enable_irqbalance() {
+  local enabled=$1
+  local proc=0
+
+  proc=$(cat /proc/cpuinfo | grep "processor" | wc -l)
+  if [ $proc -le 1 ]  && [ $enabled -eq 1 ]
+  then
+    enabled=0
+  fi
+
+  log_it "Processors = $proc  Enable service ${svc} = $enabled"
+  local cfg=/etc/default/irqbalance
+  [ -f $cfg ] && sed  -i "s/ENABLED=.*$/ENABLED=$enabled/" $cfg && return
+}
+
+
+enable_vpc_rpsrfs() {
+    local enable=$1
+    if [ $enable -eq 0 ]
+    then
+        echo 0 > /etc/rpsrfsenable
+    else
+        echo 1 > /etc/rpsrfsenable
+    fi
+
+    return 0
+}
+
+
+enable_rpsrfs() {
+  local enable=$1
+
+  if [ $enable -eq 0 ]
+  then
+      echo 0 > /etc/rpsrfsenable
+      return 0
+  fi
+
+  if [ ! -f /sys/class/net/eth0/queues/rx-0/rps_cpus ]
+  then
+      echo "rps is not enabled in the kernel"
+      echo 0 > /etc/rpsrfsenable
+      return 0
+  fi
+
+  proc=$(cat /proc/cpuinfo | grep "processor" | wc -l)
+  if [ $proc -le 1 ]
+  then
+      echo 0 > /etc/rpsrfsenable
+      return 0;
+  fi
+
+  echo 1 > /etc/rpsrfsenable
+  num=1
+  num=$(($num<<$proc))
+  num=$(($num-1));
+  echo $num;
+  hex=$(printf "%x\n" $num)
+  echo $hex;
+  #enable rps
+  echo $hex > /sys/class/net/eth0/queues/rx-0/rps_cpus
+  echo $hex > /sys/class/net/eth2/queues/rx-0/rps_cpus
+
+  #enble rfs
+  echo 256 > /proc/sys/net/core/rps_sock_flow_entries
+  echo 256 > /sys/class/net/eth0/queues/rx-0/rps_flow_cnt
+  echo 256 > /sys/class/net/eth2/queues/rx-0/rps_flow_cnt
+}
+
+
+setup_common() {
+  init_interfaces $1 $2 $3
+  if [ -n "$ETH0_IP" ]
+  then
+    setup_interface "0" $ETH0_IP $ETH0_MASK $GW
+  fi
+  if [ -n "$ETH0_IP6" ]
+  then
+      setup_interface_ipv6 "0" $ETH0_IP6 $ETH0_IP6_PRELEN
+  fi
+  setup_interface "1" $ETH1_IP $ETH1_MASK $GW
+  if [ -n "$ETH2_IP" ]
+  then
+    setup_interface "2" $ETH2_IP $ETH2_MASK $GW
+  fi
+   
+  echo $NAME > /etc/hostname
+  echo 'AVAHI_DAEMON_DETECT_LOCAL=0' > /etc/default/avahi-daemon
+  hostnamectl set-hostname $NAME
+  
+  #Nameserver
+  sed -i -e "/^nameserver.*$/d" /etc/resolv.conf # remove previous entries
+  sed -i -e "/^nameserver.*$/d" /etc/dnsmasq-resolv.conf # remove previous entries
+  if [ -n "$internalNS1" ]
+  then
+    echo "nameserver $internalNS1" > /etc/dnsmasq-resolv.conf
+    echo "nameserver $internalNS1" > /etc/resolv.conf
+  fi
+  
+  if [ -n "$internalNS2" ]
+  then
+    echo "nameserver $internalNS2" >> /etc/dnsmasq-resolv.conf
+    echo "nameserver $internalNS2" >> /etc/resolv.conf
+  fi
+  if [ -n "$NS1" ]
+  then
+    echo "nameserver $NS1" >> /etc/dnsmasq-resolv.conf
+    echo "nameserver $NS1" >> /etc/resolv.conf
+  fi
+  
+  if [ -n "$NS2" ]
+  then
+    echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf
+    echo "nameserver $NS2" >> /etc/resolv.conf
+  fi
+
+  if [ -n "$IP6_NS1" ]
+  then
+    echo "nameserver $IP6_NS1" >> /etc/dnsmasq-resolv.conf
+    echo "nameserver $IP6_NS1" >> /etc/resolv.conf
+  fi
+  if [ -n "$IP6_NS2" ]
+  then
+    echo "nameserver $IP6_NS2" >> /etc/dnsmasq-resolv.conf
+    echo "nameserver $IP6_NS2" >> /etc/resolv.conf
+  fi
+
+  if [ -n "$MGMTNET"  -a -n "$LOCAL_GW" ]
+  then
+    ip route add $MGMTNET via $LOCAL_GW dev eth1
+  fi
+
+  ip route delete default
+  if [ "$RROUTER" != "1" ]
+  then
+    gwdev=$3
+    if [ -z "$gwdev" ]
+    then
+      gwdev="eth0"
+    fi
+
+    ip route add default via $GW dev $gwdev
+
+  fi
+ 
+  # a hacking way to activate vSwitch under VMware
+  ping -n -c 3 $GW &
+  sleep 3
+  pkill ping
+  if [ -n "$MGMTNET"  -a -n "$LOCAL_GW" ]
+  then
+      ping -n -c 3 $LOCAL_GW &
+      sleep 3
+      pkill ping
+      #This code is added to address ARP issue by pinging MGMT_GW
+      MGMT_GW=$(echo $MGMTNET | awk -F "." '{print $1"."$2"."$3".1"}')
+      ping -n -c 3 $MGMT_GW &
+      sleep 3
+      pkill ping
+  
+  fi
+
+  local hyp=$(hypervisor)
+  if [ "$hyp" == "vmware" ]; then
+      ntpq -p &> /dev/null || vmware-toolbox-cmd timesync enable
+  fi
+}
+
+
+setup_dnsmasq() {
+  log_it "Setting up dnsmasq"
+
+  touch /etc/dhcpopts.txt
+
+  [ -z $DHCP_RANGE ] && [ $ETH0_IP ] && DHCP_RANGE=$ETH0_IP
+  [ $ETH0_IP6 ] && DHCP_RANGE_IP6=$ETH0_IP6
+  [ -z $DOMAIN ] && DOMAIN="cloudnine.internal"
+  #removing the dnsmasq multiple ranges config file.
+  rm /etc/dnsmasq.d/multiple_ranges.conf
+
+  #get the template
+  cp /etc/dnsmasq.conf.tmpl /etc/dnsmasq.conf
+  
+  if [ -n "$DOMAIN" ]
+  then
+        #send domain name to dhcp clients
+        sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\"$DOMAIN\"/ /etc/dnsmasq.conf
+        #DNS server will append $DOMAIN to local queries
+        sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf
+        #answer all local domain queries
+        sed  -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf
+  fi
+  
+  if [ -n  "$DNS_SEARCH_ORDER" ]
+  then
+      sed -i -e "/^[#]*dhcp-option.*=119.*$/d" /etc/dnsmasq.conf
+      echo "dhcp-option-force=119,$DNS_SEARCH_ORDER" >> /etc/dnsmasq.conf
+      # set the domain search order as a space seprated list for option 15
+      DNS_SEARCH_ORDER=$(echo $DNS_SEARCH_ORDER | sed 's/,/ /g')
+      #send domain name to dhcp clients 
+      sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\""$DNS_SEARCH_ORDER"\"/ /etc/dnsmasq.conf
+  fi
+  
+  if [ $DHCP_RANGE ]
+  then
+    sed -i -e "s/^dhcp-range_ip4=.*$/dhcp-range=$DHCP_RANGE,static/" /etc/dnsmasq.conf
+  else
+    sed -i -e "s/^dhcp-range_ip4=.*$//" /etc/dnsmasq.conf
+  fi
+  if [ $DHCP_RANGE_IP6 ]
+  then
+    sed -i -e "s/^dhcp-range_ip6=.*$/dhcp-range=$DHCP_RANGE_IP6,static/" /etc/dnsmasq.conf
+    # For nondefault6 tagged host, don't send dns-server information
+    sed -i /nondefault6/d /etc/dnsmasq.conf
+    echo "dhcp-option=nondefault6,option6:dns-server" >> /etc/dnsmasq.conf
+  else
+    sed -i -e "s/^dhcp-range_ip6=.*$//" /etc/dnsmasq.conf
+  fi
+
+  if [ "$RROUTER" == "1" ]
+  then
+    DEFAULT_GW=$GUEST_GW
+    INTERNAL_DNS=$GUEST_GW
+  else
+    if [ "$TYPE" == "dhcpsrvr" ]
+    then
+      DEFAULT_GW=$GW
+    else
+      DEFAULT_GW=$ETH0_IP
+    fi
+    INTERNAL_DNS=$ETH0_IP
+  fi
+  sed -i -e "/^[#]*dhcp-option=option:router.*$/d" /etc/dnsmasq.conf
+  [ $DEFAULT_GW ] && echo "dhcp-option=option:router,$DEFAULT_GW" >> /etc/dnsmasq.conf
+
+  [ $ETH0_IP ] && [ $NS1 ] && NS="$NS1,"
+  [ $ETH0_IP ] && [ $NS2 ] && NS="$NS$NS2,"
+  [ $ETH0_IP6 ] && [ $IP6_NS1 ] && NS6="[$IP6_NS1],"
+  [ $ETH0_IP6 ] && [ $IP6_NS2 ] && NS6="$NS6[$IP6_NS2],"
+  #for now set up ourself as the dns server as well
+  sed -i -e "/^[#]*dhcp-option=6,.*$/d" /etc/dnsmasq.conf
+  sed -i -e "/^[#]*dhcp-option=option6:dns-server,.*$/d" /etc/dnsmasq.conf
+  if [ "$USE_EXTERNAL_DNS" != "true" ]
+  then
+    [ $ETH0_IP ] && NS="$INTERNAL_DNS,$NS"
+    [ $ETH0_IP6 ] && NS6="[::],$NS6"
+    # enable dns
+    sed -i -e "/^[#]*port=.*$/d" /etc/dnsmasq.conf
+  else
+    # disable dns
+    sed -i -e "/^[#]*port=.*$/d" /etc/dnsmasq.conf
+    echo "port=0" >> /etc/dnsmasq.conf
+  fi
+  NS=${NS%?}
+  NS6=${NS6%?}
+  [ $ETH0_IP ] && echo "dhcp-option=6,$NS" >> /etc/dnsmasq.conf
+  [ $ETH0_IP6 ] && echo "dhcp-option=option6:dns-server,$NS6" >> /etc/dnsmasq.conf
+#adding the name data-server to the /etc/hosts for allowing the access to user-data service and ssh-key reset in every subnet.
+#removing the existing entires to avoid duplicates on restarts.
+  sed -i  '/data-server/d' /etc/hosts
+  if [ -n "$ETH0_IP" ]
+          then
+           echo "$ETH0_IP data-server" >> /etc/hosts
+  fi
+  if [ -n "$ETH0_IP6" ]
+      then
+       echo "$ETH0_IP6 data-server" >> /etc/hosts
+  fi
+#add the dhcp-client-update only if dnsmasq version is 2.6 and above
+  dnsmasqVersion=$(dnsmasq -v |  grep version -m 1 | grep -o  "[[:digit:]]\.[[:digit:]]")
+  major=$(echo "$dnsmasqVersion" | cut -d '.' -f 1)
+  minor=$(echo "$dnsmasqVersion" | cut -d '.' -f 2)
+  if [ "$major" -eq '2' -a  "$minor" -ge '6' ] || [ "$major" -gt '2' ]
+  then
+      sed -i -e "/^dhcp-client-update/d" /etc/dnsmasq.conf
+      echo 'dhcp-client-update' >> /etc/dnsmasq.conf
+  fi
+
+  command -v dhcp_release > /dev/null 2>&1
+  no_dhcp_release=$?
+  if [ $no_dhcp_release -eq 0 -a -z "$ETH0_IP6" ]
+  then
+      echo 1 > /var/cache/cloud/dnsmasq_managed_lease
+      sed -i -e "/^leasefile-ro/d" /etc/dnsmasq.conf
+  else
+      echo 0 > /var/cache/cloud/dnsmasq_managed_lease
+  fi
+}
+
+
+setup_sshd(){
+  local ip=$1
+  local eth=$2
+  [ -f /etc/ssh/sshd_config ] && sed -i -e "s/^[#]*ListenAddress.*$/ListenAddress $ip/" /etc/ssh/sshd_config
+  sed -i "/3922/s/eth./$eth/" /etc/iptables/rules.v4
+  sed -i "/3922/s/eth./$eth/" /etc/iptables/rules
+  systemctl restart sshd
+}
+
+
+setup_vpc_apache2() {
+  log_it "Setting up apache web server for VPC"
+  systemctl disable apache2
+  clean_ipalias_config
+  setup_apache2_common
+}
+
+
+clean_ipalias_config() {
+  # Old
+  rm -f /etc/apache2/conf.d/ports.*.meta-data.conf
+  rm -f /etc/apache2/sites-available/ipAlias*
+  rm -f /etc/apache2/sites-enabled/ipAlias*
+  rm -f /etc/apache2/conf.d/vhost*.conf
+  rm -f /etc/apache2/ports.conf
+  rm -f /etc/apache2/vhostexample.conf
+  rm -f /etc/apache2/sites-available/default
+  rm -f /etc/apache2/sites-available/default-ssl
+  rm -f /etc/apache2/sites-enabled/default
+  rm -f /etc/apache2/sites-enabled/default-ssl
+
+  # New
+  rm -f /etc/apache2/sites-enabled/vhost-*.conf
+  rm -f /etc/apache2/sites-enabled/000-default
+
+  rm -rf /etc/failure_config
+}
+
+
+setup_apache2_common() {
+  sed -i 's/^Include ports.conf.*/# CS: Done by Python CsApp config\n#Include ports.conf/g' /etc/apache2/apache2.conf
+  [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerTokens .*/ServerTokens Prod/g" /etc/apache2/conf.d/security
+  [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerSignature .*/ServerSignature Off/g" /etc/apache2/conf.d/security
+
+  # Disable listing of http://SSVM-IP/icons folder for security issue. see article http://www.i-lateral.com/tutorials/disabling-the-icons-folder-on-an-ubuntu-web-server/
+  [ -f /etc/apache2/mods-available/alias.conf ] && sed -i s/"Options Indexes MultiViews"/"Options -Indexes MultiViews"/ /etc/apache2/mods-available/alias.conf
+
+  echo "Options -Indexes" > /var/www/html/.htaccess
+}
+
+
+setup_apache2() {
+  log_it "Setting up apache web server"
+  clean_ipalias_config
+  setup_apache2_common
+  local ip=$1
+}
+
+
+setup_aesni() {
+  if [ `grep aes /proc/cpuinfo | wc -l` -gt 0 ]
+  then
+    modprobe aesni_intel
+  fi
+}
+
+
+setup_storage_network() {
+    if [ x"$STORAGE_IP" == "x" -o x"$STORAGE_NETMASK" == "x" ]
+    then
+        log_it "Incompleted parameters STORAGE_IP:$STORAGE_IP, STORAGE_NETMASK:$STORAGE_NETMASK, STORAGE_CIDR:$STORAGE_CIDR. Cannot setup storage network"
+        return
+    fi
+
+    echo "" >> /etc/network/interfaces
+    echo "auto eth3" >> /etc/network/interfaces
+
+    setup_interface "3" "$STORAGE_IP" "$STORAGE_NETMASK"
+    [ -n "$MTU" ] && ifconfig eth3 mtu $MTU && echo "  mtu $MTU" >> /etc/network/interfaces
+    #ip route add "$STORAGE_CIDR" via "$STORAGE_IP"
+    log_it "Successfully setup storage network with STORAGE_IP:$STORAGE_IP, STORAGE_NETMASK:$STORAGE_NETMASK, STORAGE_CIDR:$STORAGE_CIDR"
+}
+
+
+setup_system_rfc1918_internal() {
+  public_ip=`getPublicIp`
+  echo "$public_ip" | grep -E "^((127\.)|(10\.)|(172\.1[6-9]\.)|(172\.2[0-9]\.)|(172\.3[0-1]\.)|(192\.168\.))"
+  if [ "$?" == "0" ]; then
+     log_it "Not setting up route of RFC1918 space to $LOCAL_GW befause $public_ip is RFC1918."
+  else
+     log_it "Setting up route of RFC1918 space to $LOCAL_GW"
+     # Setup general route for RFC 1918 space, as otherwise it will be sent to
+     # the public gateway and not work
+     # More specific routes that may be set have preference over this generic route.
+     ip route add 10.0.0.0/8 via $LOCAL_GW
+     ip route add 172.16.0.0/12 via $LOCAL_GW
+     ip route add 192.168.0.0/16 via $LOCAL_GW
+  fi
+}
+
+
+getPublicIp() {
+  public_ip=$ETH2_IP
+  [ "$ETH2_IP" == "0.0.0.0" ] && public_ip=$ETH1_IP
+  echo $public_ip
+}
+
+
+setup_ntp() {
+    log_it "Setting up NTP"
+    NTP_CONF_FILE="/etc/ntp.conf"
+    if [ -f $NTP_CONF_FILE ]
+    then
+        IFS=',' read -a server_list <<< "$NTP_SERVER_LIST"
+        for (( iterator=${#server_list[@]}-1 ; iterator>=0 ; iterator-- ))
+        do
+            server=$(echo ${server_list[iterator]} | tr -d '\r')
+            PATTERN="server $server"
+            if grep -q "^$PATTERN$" $NTP_CONF_FILE ; then
+                sed -i "/^$PATTERN$/d" $NTP_CONF_FILE
+            fi
+            sed -i "0,/^server/s//$PATTERN\nserver/" $NTP_CONF_FILE
+        done
+        systemctl restart ntp
+    else
+        log_it "NTP configuration file not found"
+    fi
+}
+
+
+parse_cmd_line() {
+  CMDLINE=$(cat /var/cache/cloud/cmdline)
+  TYPE="unknown"
+  BOOTPROTO="static"
+  DISABLE_RP_FILTER="false"
+  STORAGE_IP=""
+  STORAGE_NETMASK=""
+  STORAGE_CIDR=""
+  VM_PASSWORD=""
+
+  CHEF_TMP_FILE=/tmp/cmdline.json
+  COMMA="\t"
+  echo -e "{\n\"type\": \"cmdline\"," > ${CHEF_TMP_FILE}
+  echo -e "\n\"cmd_line\": {" >> ${CHEF_TMP_FILE}
+
+  for i in $CMDLINE
+    do
+      # search for foo=bar pattern and cut out foo
+      KEY=$(echo $i | cut -d= -f1)
+      VALUE=$(echo $i | cut -d= -f2)
+      echo -en ${COMMA} >> ${CHEF_TMP_FILE}
+      # Two lines so values do not accidently interpretted as escapes!!
+      echo -n \"${KEY}\"': '\"${VALUE}\" >> ${CHEF_TMP_FILE}
+      COMMA=",\n\t"
+      case $KEY in
+        disable_rp_filter)
+            export DISABLE_RP_FILTER=$VALUE
+            ;;
+        eth0ip)
+            export ETH0_IP=$VALUE
+            ;;
+        eth1ip)
+            export ETH1_IP=$VALUE
+            ;;
+        eth2ip)
+            export ETH2_IP=$VALUE
+            ;;
+        host)
+            export MGMT_HOST=$VALUE
+            ;;
+        gateway)
+            export GW=$VALUE
+            ;;
+        ip6gateway)
+            export IP6GW=$VALUE
+            ;;
+        eth0mask)
+            export ETH0_MASK=$VALUE
+            ;;
+        eth1mask)
+            export ETH1_MASK=$VALUE
+            ;;
+        eth2mask)
+            export ETH2_MASK=$VALUE
+            ;;
+        eth0ip6)
+            export ETH0_IP6=$VALUE
+            ;;
+        eth0ip6prelen)
+            export ETH0_IP6_PRELEN=$VALUE
+            ;;
+        internaldns1)
+            export internalNS1=$VALUE
+            ;;
+        internaldns2)
+            export internalNS2=$VALUE
+            ;;
+        dns1)
+            export NS1=$VALUE
+            ;;
+        dns2)
+            export NS2=$VALUE
+            ;;
+        ip6dns1)
+            export IP6_NS1=$VALUE
+            ;;
+        ip6dns2)
+            export IP6_NS2=$VALUE
+            ;;
+        domain)
+            export DOMAIN=$VALUE
+            ;;
+        dnssearchorder)
+            export DNS_SEARCH_ORDER=$VALUE
+            ;;
+        useextdns)
+            export USE_EXTERNAL_DNS=$VALUE
+            ;;
+        mgmtcidr)
+            export MGMTNET=$VALUE
+            ;;
+        localgw)
+            export LOCAL_GW=$VALUE
+            ;;
+        template)
+            export TEMPLATE=$VALUE
+            ;;
+        sshonguest)
+            export SSHONGUEST=$VALUE
+            ;;
+        name)
+            export NAME=$VALUE
+            ;;
+        dhcprange)
+            export DHCP_RANGE=$(echo $VALUE | tr ':' ',')
+            ;;
+        bootproto)
+            export BOOTPROTO=$VALUE
+            ;;
+        type)
+            export TYPE=$VALUE
+            ;;
+        defaultroute)
+            export DEFAULTROUTE=$VALUE
+            ;;
+        redundant_router)
+            export RROUTER=$VALUE
+            ;;
+        guestgw)
+            export GUEST_GW=$VALUE
+            ;;
+        guestbrd)
+            export GUEST_BRD=$VALUE
+            ;;
+        guestcidrsize)
+            export GUEST_CIDR_SIZE=$VALUE
+            ;;
+        router_pr)
+            export ROUTER_PR=$VALUE
+            ;;
+        extra_pubnics)
+            export EXTRA_PUBNICS=$VALUE
+            ;;
+        nic_macs)
+            export NIC_MACS=$VALUE
+            ;;
+        mtu)
+            export MTU=$VALUE
+            ;;
+        storageip)
+            export STORAGE_IP=$VALUE
+            ;;
+        storagenetmask)
+            export STORAGE_NETMASK=$VALUE
+            ;;
+        storagecidr)
+            export STORAGE_CIDR=$VALUE
+            ;;
+        vmpassword)
+            export VM_PASSWORD=$VALUE
+            ;;
+        vpccidr)
+            export VPCCIDR=$VALUE
+            ;;
+        cidrsize)
+            export CIDR_SIZE=$VALUE
+            ;;
+        advert_int)
+            export ADVERT_INT=$VALUE
+            ;;
+        ntpserverlist)
+            export NTP_SERVER_LIST=$VALUE
+            ;;
+      esac
+  done
+  echo -e "\n\t}\n}" >> ${CHEF_TMP_FILE}
+  if [ "$TYPE" != "unknown" ]
+  then
+    mv ${CHEF_TMP_FILE} /var/cache/cloud/cmd_line.json
+  fi
+
+  [ $ETH0_IP ] && export LOCAL_ADDRS=$ETH0_IP
+  [ $ETH0_IP6 ] && export LOCAL_ADDRS=$ETH0_IP6
+  [ $ETH0_IP ] && [ $ETH0_IP6 ] && export LOCAL_ADDRS="$ETH0_IP,$ETH0_IP6"
+}
+
+
+change_password() {
+  # Randomize cloud password so only ssh login is allowed
+  echo "cloud:`openssl rand -base64 32`" | chpasswd
+
+  if [ x"$VM_PASSWORD" != x"" ]
+  then
+    echo "root:$VM_PASSWORD" | chpasswd
+  fi
+}
+
+parse_cmd_line
+change_password
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/consoleproxy.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/consoleproxy.sh
new file mode 100755
index 0000000..00bd927
--- /dev/null
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/consoleproxy.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+. /opt/cloud/bin/setup/common.sh
+
+
+setup_console_proxy() {
+  log_it "Setting up console proxy system vm"
+  local hyp=$HYPERVISOR
+  setup_common eth0 eth1 eth2
+  setup_system_rfc1918_internal
+  public_ip=`getPublicIp`
+  sed -i  /gateway/d /etc/hosts
+  echo "$public_ip $NAME" >> /etc/hosts
+  cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules.v4
+  cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules
+  if [ "$hyp" == "vmware" ] || [ "$hyp" == "hyperv" ]; then
+    setup_sshd $ETH1_IP "eth1"
+  else
+    setup_sshd $ETH0_IP "eth0"
+  fi
+
+  systemctl enable cloud
+  disable_rpfilter
+  enable_fwding 0
+  enable_irqbalance 0
+  systemctl disable nfs-common
+  rm /etc/logrotate.d/cloud
+}
+
+setup_console_proxy
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/default.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/default.sh
new file mode 100755
index 0000000..4272e64
--- /dev/null
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/default.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+. /opt/cloud/bin/setup/common.sh
+
+setup_default() {
+  cat > /etc/network/interfaces << EOF
+auto lo
+iface lo inet loopback
+EOF
+  cp -f /etc/iptables/rt_tables_init /etc/iproute2/rt_tables
+}
+
+setup_default
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/dhcpsrvr.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/dhcpsrvr.sh
new file mode 100755
index 0000000..a479216
--- /dev/null
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/dhcpsrvr.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+. /opt/cloud/bin/setup/common.sh
+
+
+setup_dhcpsrvr() {
+  log_it "Setting up dhcp server system vm"
+  setup_common eth0 eth1
+  setup_dnsmasq
+  setup_apache2 $ETH0_IP
+
+  sed -i  /gateway/d /etc/hosts
+  [ $ETH0_IP ] && echo "$ETH0_IP $NAME" >> /etc/hosts
+  [ $ETH0_IP6 ] && echo "$ETH0_IP6 $NAME" >> /etc/hosts
+
+  systemctl enable dnsmasq cloud-passwd-srvr
+  systemctl restart dnsmasq cloud-passwd-srvr
+  enable_irqbalance 0
+  enable_fwding 0
+  systemctl disable nfs-common
+
+  cp /etc/iptables/iptables-router /etc/iptables/rules.v4
+  cp /etc/iptables/iptables-router /etc/iptables/rules
+
+  #Only allow DNS service for current network
+  sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
+  sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
+  sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
+  sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
+
+  if [ "$SSHONGUEST" == "true" ]
+  then
+    setup_sshd $ETH0_IP "eth0"
+  else
+    setup_sshd $ETH1_IP "eth1"
+  fi
+
+  if [ -x /opt/cloud/bin/update_config.py ]
+  then
+      /opt/cloud/bin/update_config.py cmd_line.json
+  fi
+}
+
+setup_dhcpsrvr
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/elbvm.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/elbvm.sh
new file mode 100755
index 0000000..762133f
--- /dev/null
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/elbvm.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+. /opt/cloud/bin/setup/common.sh
+
+
+setup_elbvm() {
+  log_it "Setting up Elastic Load Balancer system vm"
+  local hyp=$HYPERVISOR
+  setup_common eth0 eth1
+  sed -i  /gateway/d /etc/hosts
+  public_ip=$ETH2_IP
+  [ "$ETH2_IP" == "0.0.0.0" ] || [ "$ETH2_IP" == "" ] && public_ip=$ETH0_IP
+  echo "$public_ip $NAME" >> /etc/hosts
+
+  cp /etc/iptables/iptables-elbvm /etc/iptables/rules.v4
+  cp /etc/iptables/iptables-elbvm /etc/iptables/rules
+  if [ "$SSHONGUEST" == "true" ]
+  then
+    setup_sshd $ETH0_IP "eth0"
+  else
+    setup_sshd $ETH1_IP "eth1"
+  fi
+
+  enable_fwding 0
+  enable_irqbalance 0
+  systemctl disable nfs-common
+  systemctl disable portmap
+}
+
+setup_elbvm
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/ilbvm.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/ilbvm.sh
new file mode 100755
index 0000000..48c1635
--- /dev/null
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/ilbvm.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+. /opt/cloud/bin/setup/common.sh
+
+
+setup_ilbvm() {
+  log_it "Setting up Internal Load Balancer system vm"
+  local hyp=$HYPERVISOR
+  setup_common eth0 eth1
+  #eth0 = guest network, eth1=control network
+
+  sed -i  /$NAME/d /etc/hosts
+  echo "$ETH0_IP $NAME" >> /etc/hosts
+
+  cp /etc/iptables/iptables-ilbvm /etc/iptables/rules.v4
+  cp /etc/iptables/iptables-ilbvm /etc/iptables/rules
+  setup_sshd $ETH1_IP "eth1"
+
+  enable_fwding 0
+  systemctl enable haproxy
+  enable_irqbalance 1
+  systemctl disable nfs-common
+  systemctl disable portmap
+}
+
+setup_ilbvm
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/patchsystemvm.sh
similarity index 95%
rename from systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh
rename to systemvm/patches/debian/config/opt/cloud/bin/setup/patchsystemvm.sh
index 81a1b14..a7c4581 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/patchsystemvm.sh
@@ -18,6 +18,7 @@
 
 #set -x
 logfile="/var/log/patchsystemvm.log"
+
 # To use existing console proxy .zip-based package file
 patch_console_proxy() {
    local patchfile=$1
@@ -158,25 +159,11 @@ enable_serial_console() {
    sed -i -e "/6:23:respawn/a\s0:2345:respawn:/sbin/getty -L 115200 ttyS0 vt102" /etc/inittab
 }
 
-
-CMDLINE=$(cat /var/cache/cloud/cmdline)
-TYPE="router"
 PATCH_MOUNT=$1
 Hypervisor=$2
+TYPE=$3
 
-for i in $CMDLINE
-  do
-    # search for foo=bar pattern and cut out foo
-    KEY=$(echo $i | cut -d= -f1)
-    VALUE=$(echo $i | cut -d= -f2)
-    case $KEY in
-      type)
-        TYPE=$VALUE
-        ;;
-      *)
-        ;;
-    esac
-done
+echo "" > /root/.ssh/known_hosts
 
 if [ "$TYPE" == "consoleproxy" ] || [ "$TYPE" == "secstorage" ]  && [ -f ${PATCH_MOUNT}/systemvm.zip ]
 then
@@ -189,9 +176,6 @@ then
 fi
 
 
-#empty known hosts
-echo "" > /root/.ssh/known_hosts
-
 if [ "$Hypervisor" == "kvm" ]
 then
    enable_pcihotplug
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/router.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/router.sh
new file mode 100755
index 0000000..ae64232
--- /dev/null
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/router.sh
@@ -0,0 +1,111 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+. /opt/cloud/bin/setup/common.sh
+
+
+setup_router() {
+  log_it "Setting up virtual router system vm"
+
+  #To save router public interface and gw ip information
+  touch /var/cache/cloud/ifaceGwIp
+
+  oldmd5=
+  [ -f "/etc/udev/rules.d/70-persistent-net.rules" ] && oldmd5=$(md5sum "/etc/udev/rules.d/70-persistent-net.rules" | awk '{print $1}')
+
+  if [ -n "$ETH2_IP" ]
+  then
+      setup_common eth0 eth1 eth2
+
+      if [ -n "$EXTRA_PUBNICS" ]
+      then
+        for((i = 3; i < 3 + $EXTRA_PUBNICS; i++))
+        do
+            setup_interface "$i" "0.0.0.0" "255.255.255.255" $GW "force"
+        done
+      fi
+  else
+    setup_common eth0 eth1
+      if [ -n "$EXTRA_PUBNICS" ]
+      then
+        for((i = 2; i < 2 + $EXTRA_PUBNICS; i++))
+        do
+            setup_interface "$i" "0.0.0.0" "255.255.255.255" $GW "force"
+        done
+      fi
+  fi
+ 
+  # Moved to Cs Python code 
+  #if [ -n "$ETH2_IP" -a "$RROUTER" == "1" ]
+  #then
+    #setup_redundant_router
+  #fi
+  
+  log_it "Checking udev NIC assignment order changes"
+  if [ "$NIC_MACS" != "" ]
+  then
+    init_interfaces_orderby_macs "$NIC_MACS" "/tmp/interfaces" "/tmp/udev-rules"
+    newmd5=$(md5sum "/tmp/udev-rules" | awk '{print $1}')
+    rm /tmp/interfaces
+    rm /tmp/udev-rules
+    
+    if [ "$oldmd5" != "$newmd5" ]
+    then
+      log_it "udev NIC assignment requires reboot to take effect"
+      sync
+      sleep 2
+      reboot
+    fi
+  fi
+  
+  setup_aesni
+  setup_dnsmasq
+  setup_apache2 $ETH0_IP
+
+  sed -i  /gateway/d /etc/hosts
+  echo "$ETH0_IP $NAME" >> /etc/hosts
+
+
+  systemctl enable dnsmasq haproxy cloud-passwd-srvr
+  systemctl restart dnsmasq haproxy cloud-passwd-srvr
+  enable_irqbalance 1
+  disable_rpfilter_domR
+  enable_fwding 1
+  enable_rpsrfs 1
+  systemctl disable nfs-common
+  cp /etc/iptables/iptables-router /etc/iptables/rules.v4
+#for old templates
+  cp /etc/iptables/iptables-router /etc/iptables/rules
+  setup_sshd $ETH1_IP "eth1"
+
+  #Only allow DNS service for current network
+  sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
+  sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
+  sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
+  sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
+
+  #setup hourly logrotate
+  mv -n /etc/cron.daily/logrotate /etc/cron.hourly 2>&1
+
+  if [ -x /opt/cloud/bin/update_config.py ]
+  then
+      /opt/cloud/bin/update_config.py cmd_line.json
+  fi
+}
+
+setup_router
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/secstorage.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/secstorage.sh
new file mode 100755
index 0000000..7cd6a6a
--- /dev/null
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/secstorage.sh
@@ -0,0 +1,74 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+. /opt/cloud/bin/setup/common.sh
+
+
+setup_secstorage() {
+  log_it "Setting up secondary storage system vm"
+  sysctl vm.min_free_kbytes=8192
+  local hyp=$HYPERVISOR
+  setup_common eth0 eth1 eth2
+  setup_storage_network
+  setup_system_rfc1918_internal
+  sed -i  /gateway/d /etc/hosts
+  public_ip=`getPublicIp`
+  echo "$public_ip $NAME" >> /etc/hosts
+
+  cp /etc/iptables/iptables-secstorage /etc/iptables/rules.v4
+  cp /etc/iptables/iptables-secstorage /etc/iptables/rules
+  if [ "$hyp" == "vmware" ] || [ "$hyp" == "hyperv" ]; then
+    setup_sshd $ETH1_IP "eth1"
+  else
+    setup_sshd $ETH0_IP "eth0"
+  fi
+  setup_apache2 $ETH2_IP
+
+  # Deprecated, should move to Cs Python all of it
+  sed -e "s/<VirtualHost .*:80>/<VirtualHost $ETH2_IP:80>/" \
+    -e "s/<VirtualHost .*:443>/<VirtualHost $ETH2_IP:443>/" \
+    -e "s/Listen .*:80/Listen $ETH2_IP:80/g" \
+    -e "s/Listen .*:443/Listen $ETH2_IP:443/g" \
+    -e "s/NameVirtualHost .*:80/NameVirtualHost $ETH2_IP:80/g" /etc/apache2/vhost.template > /etc/apache2/sites-enabled/vhost-${ETH2_IP}.conf
+
+  log_it "setting up apache2 for post upload of volume/template"
+  a2enmod proxy
+  a2enmod proxy_http
+  a2enmod headers
+
+  cat >/etc/apache2/cors.conf <<CORS
+RewriteEngine On
+RewriteCond %{HTTPS} =on
+RewriteCond %{REQUEST_METHOD} =POST
+RewriteRule ^/upload/(.*) http://127.0.0.1:8210/upload?uuid=\$1 [P,L]
+Header always set Access-Control-Allow-Origin "*"
+Header always set Access-Control-Allow-Methods "POST, OPTIONS"
+Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token, x-signature, x-metadata, x-expires"
+CORS
+
+  disable_rpfilter
+  enable_fwding 0
+  systemctl disable haproxy dnsmasq cloud-passwd-srvr
+  systemctl enable cloud apache2
+  systemctl restart cloud apache2
+  enable_irqbalance 0
+  rm /etc/logrotate.d/cloud
+  setup_ntp
+}
+
+setup_secstorage
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/vpcrouter.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/vpcrouter.sh
new file mode 100755
index 0000000..85d1a09
--- /dev/null
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/vpcrouter.sh
@@ -0,0 +1,125 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+. /opt/cloud/bin/setup/common.sh
+
+setup_vpcrouter() {
+  log_it "Setting up VPC virtual router system vm"
+
+  if [ -f /etc/hosts ]; then
+    grep -q $NAME /etc/hosts || echo "127.0.0.1 $NAME" >> /etc/hosts;
+  fi
+
+    cat > /etc/network/interfaces << EOF
+auto lo eth0
+iface lo inet loopback
+EOF
+  setup_interface "0" $ETH0_IP $ETH0_MASK $GW
+
+  echo $NAME > /etc/hostname
+  echo 'AVAHI_DAEMON_DETECT_LOCAL=0' > /etc/default/avahi-daemon
+  hostnamectl set-hostname $NAME
+
+  #Nameserver
+  sed -i -e "/^nameserver.*$/d" /etc/resolv.conf # remove previous entries
+  sed -i -e "/^nameserver.*$/d" /etc/dnsmasq-resolv.conf # remove previous entries
+  if [ -n "$internalNS1" ]
+  then
+    echo "nameserver $internalNS1" > /etc/dnsmasq-resolv.conf
+    echo "nameserver $internalNS1" > /etc/resolv.conf
+  fi
+  
+  if [ -n "$internalNS2" ]
+  then
+    echo "nameserver $internalNS2" >> /etc/dnsmasq-resolv.conf
+    echo "nameserver $internalNS2" >> /etc/resolv.conf
+  fi
+  if [ -n "$NS1" ]
+  then
+    echo "nameserver $NS1" >> /etc/dnsmasq-resolv.conf
+    echo "nameserver $NS1" >> /etc/resolv.conf
+  fi
+  
+  if [ -n "$NS2" ]
+  then
+    echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf
+    echo "nameserver $NS2" >> /etc/resolv.conf
+  fi
+  if [ -n "$MGMTNET"  -a -n "$LOCAL_GW" ]
+  then
+     if [ "$HYPERVISOR" == "vmware" ] || [ "$HYPERVISOR" == "hyperv" ];
+     then
+         ip route add $MGMTNET via $LOCAL_GW dev eth0
+         
+          # a hacking way to activate vSwitch under VMware
+         ping -n -c 3 $LOCAL_GW &
+         sleep 3
+         pkill ping
+     fi
+  fi
+
+  ip route delete default
+  # create route table for static route
+
+  sudo echo "252 static_route" >> /etc/iproute2/rt_tables 2>/dev/null
+  sudo echo "251 static_route_back" >> /etc/iproute2/rt_tables 2>/dev/null
+  sudo ip rule add from $VPCCIDR table static_route 2>/dev/null
+  sudo ip rule add from $VPCCIDR table static_route_back 2>/dev/null
+
+  setup_vpc_apache2
+
+  systemctl enable dnsmasq haproxy cloud-passwd-srvr
+  enable_irqbalance 1
+  enable_vpc_rpsrfs 1
+  disable_rpfilter
+  enable_fwding 1
+  cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules.v4
+  cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules
+  setup_sshd $ETH0_IP "eth0"
+  cp /etc/vpcdnsmasq.conf /etc/dnsmasq.conf
+  cp /etc/cloud-nic.rules /etc/udev/rules.d/cloud-nic.rules
+  echo "" > /etc/dnsmasq.d/dhcphosts.txt
+  echo "dhcp-hostsfile=/etc/dhcphosts.txt" > /etc/dnsmasq.d/cloud.conf
+
+  [ -z $DOMAIN ] && DOMAIN="cloudnine.internal"
+  #DNS server will append $DOMAIN to local queries
+  sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf
+  #answer all local domain queries
+  sed  -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf
+
+  command -v dhcp_release > /dev/null 2>&1
+  no_dhcp_release=$?
+  if [ $no_dhcp_release -eq 0 ]
+  then
+      echo 1 > /var/cache/cloud/dnsmasq_managed_lease
+      sed -i -e "/^leasefile-ro/d" /etc/dnsmasq.conf
+  else
+      echo 0 > /var/cache/cloud/dnsmasq_managed_lease
+  fi
+
+  systemctl restart dnsmasq haproxy cloud-passwd-srvr
+
+  #setup hourly logrotate
+  mv -n /etc/cron.daily/logrotate /etc/cron.hourly 2>&1
+  if [ -x /opt/cloud/bin/update_config.py ]
+  then
+      /opt/cloud/bin/update_config.py cmd_line.json
+  fi
+}
+
+setup_vpcrouter

-- 
To stop receiving notification emails like this one, please contact
"commits@cloudstack.apache.org" <commits@cloudstack.apache.org>.

Mime
View raw message