You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by bh...@apache.org on 2015/03/17 11:26:46 UTC
[44/50] git commit: updated refs/heads/master to 3c429ee
ACL issues
ACL order issues
Do not block multicast traffic for vrrp
Many smaller bug fixes
checkrouter provided in /opt/cloud/bin
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/585f5f70
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/585f5f70
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/585f5f70
Branch: refs/heads/master
Commit: 585f5f7000d876d96bb17cc0996efc98f22a840e
Parents: 8edeca1
Author: Ian Southam <is...@schubergphilis.com>
Authored: Thu Feb 26 14:07:36 2015 +0100
Committer: wilderrodrigues <wr...@schubergphilis.com>
Committed: Mon Mar 16 11:40:10 2015 +0100
----------------------------------------------------------------------
.../debian/config/opt/cloud/bin/checkrouter.sh | 8 +++++
.../debian/config/opt/cloud/bin/configure.py | 19 ++++++++----
.../debian/config/opt/cloud/bin/cs/CsAddress.py | 5 ++++
.../debian/config/opt/cloud/bin/cs/CsApp.py | 0
.../debian/config/opt/cloud/bin/cs/CsConfig.py | 0
.../debian/config/opt/cloud/bin/cs/CsDatabag.py | 14 ++++++---
.../debian/config/opt/cloud/bin/cs/CsDhcp.py | 0
.../debian/config/opt/cloud/bin/cs/CsFile.py | 0
.../config/opt/cloud/bin/cs/CsGuestNetwork.py | 0
.../debian/config/opt/cloud/bin/cs/CsHelper.py | 0
.../config/opt/cloud/bin/cs/CsLoadBalancer.py | 0
.../debian/config/opt/cloud/bin/cs/CsMonitor.py | 0
.../config/opt/cloud/bin/cs/CsNetfilter.py | 31 ++++++++++++++++++--
.../debian/config/opt/cloud/bin/cs/CsProcess.py | 0
.../config/opt/cloud/bin/cs/CsRedundant.py | 8 ++---
.../debian/config/opt/cloud/bin/cs/CsRoute.py | 0
.../debian/config/opt/cloud/bin/cs/CsRule.py | 0
.../debian/config/opt/cloud/bin/cs/__init__.py | 0
.../debian/config/opt/cloud/bin/cs_cmdline.py | 0
.../debian/config/opt/cloud/bin/cs_dhcp.py | 0
.../config/opt/cloud/bin/cs_firewallrules.py | 0
.../config/opt/cloud/bin/cs_forwardingrules.py | 0
.../config/opt/cloud/bin/cs_guestnetwork.py | 0
.../debian/config/opt/cloud/bin/cs_ip.py | 0
.../config/opt/cloud/bin/cs_loadbalancer.py | 0
.../config/opt/cloud/bin/cs_monitorservice.py | 0
.../config/opt/cloud/bin/cs_network_acl.py | 0
.../config/opt/cloud/bin/cs_site2sitevpn.py | 0
.../debian/config/opt/cloud/bin/cs_vmdata.py | 0
.../debian/config/opt/cloud/bin/cs_vmp.py | 0
.../opt/cloud/bin/get_template_version.sh | 2 +-
31 files changed, 69 insertions(+), 18 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/checkrouter.sh
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/checkrouter.sh b/systemvm/patches/debian/config/opt/cloud/bin/checkrouter.sh
new file mode 100755
index 0000000..4b50f9b
--- /dev/null
+++ b/systemvm/patches/debian/config/opt/cloud/bin/checkrouter.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+STATUS=$(cat /etc/cloudstack/cmdline.json | grep redundant_state | awk '{print $2;}' | sed -e 's/[,\"]//g')
+if [ "$?" -ne "0" ]
+then
+ STATUS=MASTER
+fi
+echo "Status: ${STATUS}&Bumped: NO"
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/configure.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
index 43b01b6..399c9c4 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@ -141,6 +141,9 @@ class CsAcl(CsDataBag):
class AclDevice():
""" A little class for each list of acls per device """
+ FIXED_RULES_INGRESS = 3
+ FIXED_RULES_EGRESS = 3
+
def __init__(self, obj, config):
self.ingess = []
self.egress = []
@@ -156,23 +159,27 @@ class CsAcl(CsDataBag):
self.fw = config.get_fw()
def create(self):
- self.process("ingress", self.ingress)
- self.process("egress", self.egress)
+ self.process("ingress", self.ingress, self.FIXED_RULES_INGRESS)
+ self.process("egress", self.egress, self.FIXED_RULES_EGRESS)
- def process(self, direction, rule_list):
+ def process(self, direction, rule_list, base):
+ count = base
for i in rule_list:
- r = self.AclRule(direction, self, i, self.config)
+ r = self.AclRule(direction, self, i, self.config, count)
r.create()
+ count += 1
class AclRule():
- def __init__(self, direction, acl, rule, config):
+ def __init__(self, direction, acl, rule, config, count):
+ self.count = count
if config.is_vpc():
self.init_vpc(direction, acl, rule, config)
def init_vpc(self, direction, acl, rule, config):
self.table = ""
self.device = acl.device
+ self.direction = direction
# acl is an object of the AclDevice type. So, its fw attribute is already a list.
self.fw = acl.fw
self.chain = config.get_ingress_chain(self.device, acl.ip)
@@ -210,7 +217,7 @@ class CsAcl(CsDataBag):
rstr = "%s -m icmp --icmp-type %s" % (rstr, self.icmp_type)
rstr = "%s %s -j %s" % (rstr, self.dport, self.action)
rstr = rstr.replace(" ", " ").lstrip()
- self.fw.append([self.table, "front", rstr])
+ self.fw.append([self.table, self.count, rstr])
def process(self):
for item in self.dbag:
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
old mode 100644
new mode 100755
index 04d642e..8f4d511
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
@@ -371,9 +371,14 @@ class CsIP:
"-j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff"])
if self.get_type() in ["guest"]:
self.fw.append(["filter", "", "-A FORWARD -d %s -o %s -j ACL_INBOUND_%s" % (self.address['network'], self.dev, self.dev)])
+ self.fw.append(["filter", "front", "-A ACL_INBOUND_%s -d 224.0.0.18/32 -j ACCEPT" % self.dev])
+ self.fw.append(["filter", "front", "-A ACL_INBOUND_%s -d 225.0.0.50/32 -j ACCEPT" % self.dev])
+ self.fw.append(["mangle", "front", "-A ACL_OUTBOUND_%s -d 225.0.0.50/32 -j ACCEPT" % self.dev])
+ self.fw.append(["mangle", "front", "-A ACL_OUTBOUND_%s -d 224.0.0.18/32 -j ACCEPT" % self.dev])
self.fw.append(["filter", "", "-A INPUT -i %s -p udp -m udp --dport 67 -j ACCEPT" % self.dev])
self.fw.append(["filter", "", "-A INPUT -i %s -p udp -m udp --dport 53 -j ACCEPT" % self.dev])
self.fw.append(["filter", "", "-A INPUT -i %s -p tcp -m tcp --dport 53 -j ACCEPT" % self.dev])
+
self.fw.append(["filter", "", "-A INPUT -i %s -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT" % self.dev])
self.fw.append(["filter", "", "-A INPUT -i %s -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT" % self.dev])
self.fw.append(["mangle", "",
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py
old mode 100644
new mode 100755
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs/CsConfig.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsConfig.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsConfig.py
old mode 100644
new mode 100755
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDatabag.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDatabag.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDatabag.py
old mode 100644
new mode 100755
index a3818e5..035e864
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDatabag.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDatabag.py
@@ -119,10 +119,16 @@ class CsCmdLine(CsDataBag):
return self.idata()['redundant_state'] == "MASTER"
return False
- def get_state(self):
- if "redundant_state" in self.idata():
- return self.idata()['redundant_state']
- return "MASTER"
+ def set_fault_state(self):
+ self.idata()['redundant_state'] = "FAULT"
+ self.idata()['redundant_master'] = False
+
+ def set_master_state(self, value):
+ if value:
+ self.idata()['redundant_state'] = "MASTER"
+ else:
+ self.idata()['redundant_state'] = "BACKUP"
+ self.idata()['redundant_master'] = value
def get_router_id(self):
if "router_id" in self.idata():
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py
old mode 100644
new mode 100755
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs/CsFile.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsFile.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsFile.py
old mode 100644
new mode 100755
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs/CsGuestNetwork.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsGuestNetwork.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsGuestNetwork.py
old mode 100644
new mode 100755
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py
old mode 100644
new mode 100755
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs/CsLoadBalancer.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsLoadBalancer.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsLoadBalancer.py
old mode 100644
new mode 100755
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs/CsMonitor.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsMonitor.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsMonitor.py
old mode 100644
new mode 100755
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs/CsNetfilter.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsNetfilter.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsNetfilter.py
index 6a546a4..6c1d091 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsNetfilter.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsNetfilter.py
@@ -26,19 +26,28 @@ class CsChain(object):
def __init__(self):
self.chain = {}
self.last_added = ''
+ self.count = {}
def add(self, table, chain):
if table not in self.chain.keys():
self.chain.setdefault(table, []).append(chain)
else:
self.chain[table].append(chain)
- self.last_added = chain
+ if self.last_added != chain:
+ self.last_added = chain
+ self.count[chain] = 0
+
+ def add_rule(self, chain):
+ self.count[chain] += 1
def get(self, table):
if table not in self.chain.keys():
return {}
return self.chain[table]
+ def get_count(self, chain):
+ return self.count[chain]
+
def last(self):
return self.last_added
@@ -84,9 +93,12 @@ class CsNetfilters(object):
if i.startswith(':'): # Chain
self.chain.add(self.table.last(), i[1:].split(' ')[0])
if i.startswith('-A'): # Rule
+ self.chain.add_rule(i.split()[1])
rule = CsNetfilter()
rule.parse(i)
rule.set_table(self.table.last())
+ rule.set_chain(i.split()[1])
+ rule.set_count(self.chain.get_count(i.split()[1]))
self.save(rule)
def save(self, rule):
@@ -104,6 +116,8 @@ class CsNetfilters(object):
def has_rule(self, new_rule):
for r in self.get():
if new_rule == r:
+ if new_rule.get_count() > 0:
+ continue
r.mark_seen()
return True
return False
@@ -119,8 +133,8 @@ class CsNetfilters(object):
def compare(self, list):
""" Compare reality with what is needed """
for c in self.chain.get("filter"):
- # Ensure all inbound chains have a default drop rule
- if c.startswith("ACL_INBOUND"):
+ # Ensure all inbound/outbound chains have a default drop rule
+ if c.startswith("ACL_INBOUND") or c.startswith("ACL_OUTBOUND"):
list.append(["filter", "", "-A %s -j DROP" % c])
# PASS 1: Ensure all chains are present
for fw in list:
@@ -133,6 +147,8 @@ class CsNetfilters(object):
new_rule = CsNetfilter()
new_rule.parse(fw[2])
new_rule.set_table(fw[0])
+ if isinstance(fw[1], int):
+ new_rule.set_count(fw[1])
if self.has_rule(new_rule):
logging.debug("rule %s exists in table %s", fw[2], new_rule.get_table())
else:
@@ -142,6 +158,8 @@ class CsNetfilters(object):
cpy = fw[2]
if fw[1] == "front":
cpy = cpy.replace('-A', '-I')
+ if isinstance(fw[1], int):
+ cpy = cpy.replace("-A %s" % new_rule.get_chain(), '-I %s %s' % (new_rule.get_chain(), fw[1]))
CsHelper.execute("iptables -t %s %s" % (new_rule.get_table(), cpy))
self.del_standard()
@@ -189,6 +207,7 @@ class CsNetfilter(object):
self.table = ''
self.chain = ''
self.seen = False
+ self.count = 0
def parse(self, rule):
self.rule = self.__convert_to_dict(rule)
@@ -227,6 +246,12 @@ class CsNetfilter(object):
def set_chain(self, chain):
self.chain = chain
+ def set_count(self, count=0):
+ self.count = count
+
+ def get_count(self):
+ return self.count
+
def get_chain(self):
return self.chain
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs/CsProcess.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsProcess.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsProcess.py
old mode 100644
new mode 100755
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py
old mode 100644
new mode 100755
index 7ada710..dc08b85
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py
@@ -174,8 +174,8 @@ class CsRedundant(object):
ads = [o for o in self.address.get_ips() if o.needs_vrrp()]
for o in ads:
pwdsvc = CsPasswdSvc(o.get_gateway()).stop()
- cl.dbag['config']['redundant_master'] = "false"
- cl.save()
+ self.cl.set_fault_state()
+ self.cl.save()
logging.info("Router switched to fault mode")
def set_backup(self):
@@ -201,7 +201,7 @@ class CsRedundant(object):
pwdsvc = CsPasswdSvc(o.get_gateway()).stop()
CsHelper.service("dnsmasq", "stop")
# self._set_priority(self.CS_PRIO_DOWN)
- self.cl.dbag['config']['redundant_master'] = "false"
+ self.cl.set_master_state(False)
# CsHelper.service("keepalived", "restart")
self.cl.save()
logging.info("Router switched to backup mode")
@@ -235,7 +235,7 @@ class CsRedundant(object):
for o in ads:
pwdsvc = CsPasswdSvc(o.get_gateway()).restart()
CsHelper.service("dnsmasq", "restart")
- self.cl.dbag['config']['redundant_master'] = "true"
+ self.cl.set_master_state(True)
self.cl.save()
# CsHelper.service("keepalived", "restart")
logging.info("Router switched to master mode")
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRoute.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRoute.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRoute.py
old mode 100644
new mode 100755
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRule.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRule.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRule.py
old mode 100644
new mode 100755
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs/__init__.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/__init__.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/__init__.py
old mode 100644
new mode 100755
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs_cmdline.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_cmdline.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_cmdline.py
old mode 100644
new mode 100755
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs_dhcp.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_dhcp.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_dhcp.py
old mode 100644
new mode 100755
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs_firewallrules.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_firewallrules.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_firewallrules.py
old mode 100644
new mode 100755
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs_forwardingrules.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_forwardingrules.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_forwardingrules.py
old mode 100644
new mode 100755
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs_guestnetwork.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_guestnetwork.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_guestnetwork.py
old mode 100644
new mode 100755
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs_ip.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_ip.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_ip.py
old mode 100644
new mode 100755
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs_loadbalancer.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_loadbalancer.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_loadbalancer.py
old mode 100644
new mode 100755
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs_monitorservice.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_monitorservice.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_monitorservice.py
old mode 100644
new mode 100755
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs_network_acl.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_network_acl.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_network_acl.py
old mode 100644
new mode 100755
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs_site2sitevpn.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_site2sitevpn.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_site2sitevpn.py
old mode 100644
new mode 100755
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs_vmdata.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_vmdata.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_vmdata.py
old mode 100644
new mode 100755
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/cs_vmp.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_vmp.py b/systemvm/patches/debian/config/opt/cloud/bin/cs_vmp.py
old mode 100644
new mode 100755
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/585f5f70/systemvm/patches/debian/config/opt/cloud/bin/get_template_version.sh
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/get_template_version.sh b/systemvm/patches/debian/config/opt/cloud/bin/get_template_version.sh
index 233ec98..996e9dd 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/get_template_version.sh
+++ b/systemvm/patches/debian/config/opt/cloud/bin/get_template_version.sh
@@ -18,7 +18,7 @@
# As the last command send to router before any rules operation, wait until boot up done
-__TIMEOUT=60
+__TIMEOUT=240
__FLAGFILE=/var/cache/cloud/boot_up_done
done=0
for i in `seq 1 $(($__TIMEOUT * 10))`