vagrant-cloudstack 1.4.0 → 1.5.0

data/README.md

@@ -1,10 +1,10 @@
 # Vagrant Cloudstack Provider
 
-[![Build Status](https://travis-ci.org/MissionCriticalCloud/vagrant-cloudstack.png?branch=master)](https://travis-ci.org/missioncriticalcloud/vagrant-cloudstack)
+[![Build Status](https://travis-ci.org/MissionCriticalCloud/vagrant-cloudstack.png?branch=master)](https://travis-ci.org/MissionCriticalCloud/vagrant-cloudstack)
 [![Gem Version](https://badge.fury.io/rb/vagrant-cloudstack.png)](http://badge.fury.io/rb/vagrant-cloudstack)
-[![Code climate](https://codeclimate.com/github/MissionCriticalCloud/vagrant-cloudstack.png)](https://codeclimate.com/github/missioncriticalcloud/vagrant-cloudstack)
+[![Code climate](https://codeclimate.com/github/MissionCriticalCloud/vagrant-cloudstack.png)](https://codeclimate.com/github/MissionCriticalCloud/vagrant-cloudstack)
 [![Coverage Status](https://coveralls.io/repos/github/MissionCriticalCloud/vagrant-cloudstack/badge.svg?branch=master)](https://coveralls.io/github/MissionCriticalCloud/vagrant-cloudstack?branch=master)
-[![Gem Version](https://badge.fury.io/rb/vagrant-cloudstack.svg)](http://badge.fury.io/rb/vagrant-cloudstack)
+[![BCH compliance](https://bettercodehub.com/edge/badge/MissionCriticalCloud/vagrant-cloudstack?branch=master)](https://bettercodehub.com/)
 
 This is a fork of [mitchellh AWS Provider](https://github.com/mitchellh/vagrant-aws/).
 

data/Rakefile

@@ -5,6 +5,7 @@ require 'rspec/core/rake_task'
 RSpec::Core::RakeTask.new(:functionaltest) do |t|
   t.pattern = "*_spec.rb"
   t.rspec_opts = "-fd"
+  t.verbose = false
 end
 
 # Immediately sync all stdout so that tools like buildbot can
@@ -101,6 +102,5 @@ namespace :functional_tests do
       end
     end
   end
-
-
 end
+

data/build_rpm.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-VERSION=1.4.0
+VERSION=1.5.0
 mkdir -p /tmp/vagrant-cloudstack-build_rpm.$$/vagrant-cloudstack-$VERSION
 cp -r . /tmp/vagrant-cloudstack-build_rpm.$$/vagrant-cloudstack-$VERSION/
 tar -C /tmp/vagrant-cloudstack-build_rpm.$$/ -czf ~/rpmbuild/SOURCES/vagrant-cloudstack-$VERSION.tar.gz vagrant-cloudstack-$VERSION

data/functional-tests/rsync/Vagrantfile.advanced_networking

@@ -21,6 +21,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
     cloudstack.scheme     = 'https'
     cloudstack.api_key    = ENV['CLOUDSTACK_API_KEY']
     cloudstack.secret_key = ENV['CLOUDSTACK_SECRET_KEY']
+    cloudstack.expunge_on_destroy = ENV['EXPUNGE_ON_DESTROY']=="true"
 
     cloudstack.zone_name             = ENV['ZONE_NAME']
     cloudstack.network_name          = ENV['NETWORK_NAME']

data/functional-tests/vmlifecycle/Vagrantfile.advanced_networking

@@ -26,6 +26,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |global_config|
       config.vm.box = options['template']
 
       config.vm.communicator = options['communicator']
+      config.winrm.retry_delay = 30
       config.vm.synced_folder ".", "/vagrant", type: "rsync",
         rsync__exclude: [".git/", "vendor"], disabled: options['rsync_disabled']
       config.vm.provider :cloudstack do |cloudstack, override|
@@ -52,14 +53,11 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |global_config|
         cloudstack.pf_trusted_networks   = ENV['SOURCE_CIDR']
         cloudstack.pf_open_firewall      = false
 
-        unless ENV['SSH_KEY'].nil?
-            cloudstack.ssh_key               = ENV['SSH_KEY']
-            cloudstack.ssh_user              = ENV['SSH_USER']
-        end
 
-        unless ENV['WINDOWS_USER'].nil?
-            cloudstack.vm_user = ENV['WINDOWS_USER']
-        end
+        cloudstack.ssh_key               = ENV['SSH_KEY'] unless ENV['SSH_KEY'].nil?
+        cloudstack.ssh_user              = ENV['SSH_USER'] unless ENV['SSH_USER'].nil?
+        cloudstack.vm_user               = ENV['WINDOWS_USER'] unless ENV['WINDOWS_USER'].nil?
+
       end
     end
   end

data/functional-tests/vmlifecycle/vmlifecycle_spec.rb

@@ -1,13 +1,25 @@
+def which(cmd)
+  exts = ENV['PATHEXT'] ? ENV['PATHEXT'].split(';') : ['']
+  ENV['PATH'].split(File::PATH_SEPARATOR).each do |path|
+    exts.each { |ext|
+      exe = File.join(path, "#{cmd}#{ext}")
+      return exe if File.executable?(exe) && !File.directory?(exe)
+    }
+  end
+  return nil
+end
+insert_tee_log = '  2>&1 | tee -a vagrant.log ' if which('tee')
+
 describe 'VM Life Cycle' do
   it 'starts Linux and Windows VM' do
-    expect(`vagrant up`).to include(
+    expect(`vagrant up  #{insert_tee_log}`).to include(
       'linux-box: Machine is booted and ready for use!',
       'windows-box: Machine is booted and ready for use!'
     )
     expect($?.exitstatus).to eq(0)
   end
   it 'destroys Linux and Windows VM' do
-    expect(`vagrant destroy --force`).to include('Done removing resources')
+    expect(`vagrant destroy --force  #{insert_tee_log}`).to include('Done removing resources')
     expect($?.exitstatus).to eq(0)
   end
 end

data/lib/vagrant-cloudstack/action/read_rdp_info.rb

@@ -1,3 +1,4 @@
+require_relative 'read_transport_info.rb'
 require 'log4r'
 
 module VagrantPlugins
@@ -5,10 +6,12 @@ module VagrantPlugins
     module Action
       # This action reads the WinRM info for the machine and puts it into the
       # `:machine_winrm_info` key in the environment.
-      class ReadRdpInfo
+      class ReadRdpInfo < ReadTransportInfo
         def initialize(app, env)
           @app    = app
           @logger = Log4r::Logger.new("vagrant_cloudstack::action::read_rdp_info")
+
+          @public_port_fieldname = 'pf_public_rdp_port'
         end
 
         def call(env)
@@ -18,57 +21,20 @@ module VagrantPlugins
         end
 
         def read_rdp_info(cloudstack, machine)
-          return nil if machine.id.nil?
-
-          # Find the machine
-          server = cloudstack.servers.get(machine.id)
-          if server.nil?
-            # The machine can't be found
-            @logger.info("Machine couldn't be found, assuming it got destroyed.")
-            machine.id = nil
-            return nil
-          end
+          return nil if (server = find_server(cloudstack, machine)).nil?
 
           # Get the Port forwarding config
           domain        = machine.provider_config.domain_id
           domain_config = machine.provider_config.get_domain_config(domain)
 
-          pf_ip_address_id   = domain_config.pf_ip_address_id
-          pf_ip_address      = domain_config.pf_ip_address
-          pf_public_rdp_port = domain_config.pf_public_rdp_port
-
-          if pf_public_rdp_port.nil?
-            pf_public_rdp_port_file = machine.data_dir.join('pf_public_rdp_port')
-            if pf_public_rdp_port_file.file?
-              File.read(pf_public_rdp_port_file).each_line do |line|
-                pf_public_rdp_port = line.strip
-              end
-              domain_config.pf_public_rdp_port = pf_public_rdp_port
-            end
-          end
-
-          if not pf_ip_address and pf_ip_address_id and pf_public_rdp_port
-            begin
-              response = cloudstack.list_public_ip_addresses({:id => pf_ip_address_id})
-            rescue Fog::Compute::Cloudstack::Error => e
-              raise Errors::FogError, :message => e.message
-            end
-
-            if response["listpublicipaddressesresponse"]["count"] == 0
-              @logger.info("IP address #{pf_ip_address_id} not exists.")
-              env[:ui].info(I18n.t("IP address #{pf_ip_address_id} not exists."))
-              pf_ip_address = nil
-            else
-              pf_ip_address = response["listpublicipaddressesresponse"]["publicipaddress"][0]["ipaddress"]
-            end
-          end
+          pf_ip_address, pf_public_port = retrieve_public_ip_port(cloudstack, domain_config, machine)
 
-          rdp_info = {
+          transport_info = {
                        :host => pf_ip_address || server.nics[0]['ipaddress'],
-                       :port => pf_public_rdp_port
+                       :port => pf_public_port
                      }
 
-          rdp_info
+          transport_info
         end
       end
     end

data/lib/vagrant-cloudstack/action/read_ssh_info.rb

@@ -1,3 +1,4 @@
+require_relative 'read_transport_info.rb'
 require 'log4r'
 
 module VagrantPlugins
@@ -5,10 +6,12 @@ module VagrantPlugins
     module Action
       # This action reads the SSH info for the machine and puts it into the
       # `:machine_ssh_info` key in the environment.
-      class ReadSSHInfo
+      class ReadSSHInfo < ReadTransportInfo
         def initialize(app, env)
           @app    = app
           @logger = Log4r::Logger.new("vagrant_cloudstack::action::read_ssh_info")
+
+          @public_port_fieldname = 'pf_public_port'
         end
 
         def call(env)
@@ -18,50 +21,13 @@ module VagrantPlugins
         end
 
         def read_ssh_info(cloudstack, machine)
-          return nil if machine.id.nil?
-
-          # Find the machine
-          server = cloudstack.servers.get(machine.id)
-          if server.nil?
-            # The machine can't be found
-            @logger.info("Machine couldn't be found, assuming it got destroyed.")
-            machine.id = nil
-            return nil
-          end
+          return nil if (server = find_server(cloudstack, machine)).nil?
 
           # Get the Port forwarding config
           domain        = machine.provider_config.domain_id
           domain_config = machine.provider_config.get_domain_config(domain)
 
-          pf_ip_address_id = domain_config.pf_ip_address_id
-          pf_ip_address    = domain_config.pf_ip_address
-          pf_public_port   = domain_config.pf_public_port
-
-          if pf_public_port.nil?
-            pf_public_port_file = machine.data_dir.join('pf_public_port')
-            if pf_public_port_file.file?
-              File.read(pf_public_port_file).each_line do |line|
-                pf_public_port = line.strip
-              end
-              domain_config.pf_public_port = pf_public_port
-            end
-          end
-
-          if not pf_ip_address and pf_ip_address_id and pf_public_port
-            begin
-              response = cloudstack.list_public_ip_addresses({:id => pf_ip_address_id})
-            rescue Fog::Compute::Cloudstack::Error => e
-              raise Errors::FogError, :message => e.message
-            end
-
-            if response["listpublicipaddressesresponse"]["count"] == 0
-              @logger.info("IP address #{pf_ip_address_id} not exists.")
-              env[:ui].info(I18n.t("IP address #{pf_ip_address_id} not exists."))
-              pf_ip_address = nil
-            else
-              pf_ip_address = response["listpublicipaddressesresponse"]["publicipaddress"][0]["ipaddress"]
-            end
-          end
+          pf_ip_address, pf_public_port = retrieve_public_ip_port(cloudstack, domain_config, machine)
 
           if domain_config.keypair.nil? && domain_config.ssh_key.nil?
             sshkeyfile_file = machine.data_dir.join('sshkeyfile')
@@ -72,16 +38,16 @@ module VagrantPlugins
 
           nic_ip_address = fetch_nic_ip_address(server.nics, domain_config)
 
-          ssh_info = {
+          transport_info = {
                        :host => pf_ip_address || nic_ip_address,
                        :port => pf_public_port
                      }
-          ssh_info = ssh_info.merge({
+          transport_info = transport_info.merge({
             :private_key_path => domain_config.ssh_key,
             :password         => nil
           }) unless domain_config.ssh_key.nil?
-          ssh_info = ssh_info.merge({ :username => domain_config.ssh_user }) unless domain_config.ssh_user.nil?
-          ssh_info
+          transport_info = transport_info.merge({ :username => domain_config.ssh_user }) unless domain_config.ssh_user.nil?
+          transport_info
         end
 
         def fetch_nic_ip_address(nics, domain_config)

data/lib/vagrant-cloudstack/action/read_transport_info.rb

@@ -0,0 +1,59 @@
+module VagrantPlugins
+  module Cloudstack
+    module Action
+      class ReadTransportInfo
+        def initialize
+          @public_port_fieldname = 'pf_public_port'
+        end
+
+        def retrieve_public_ip_port(cloudstack, domain_config, machine)
+          pf_ip_address_id = domain_config.pf_ip_address_id
+          pf_ip_address = domain_config.pf_ip_address
+          pf_public_port = domain_config.send(@public_port_fieldname)
+
+          if pf_public_port.nil?
+            pf_public_port_file = machine.data_dir.join(@public_port_fieldname)
+            if pf_public_port_file.file?
+              File.read(pf_public_port_file).each_line do |line|
+                pf_public_port = line.strip
+              end
+              domain_config.send("#{@public_port_fieldname}=", pf_public_port)
+            end
+          end
+
+          if not pf_ip_address and pf_ip_address_id and pf_public_port
+            begin
+              response = cloudstack.list_public_ip_addresses({:id => pf_ip_address_id})
+            rescue Fog::Compute::Cloudstack::Error => e
+              raise Errors::FogError, :message => e.message
+            end
+
+            if (response['listpublicipaddressesresponse']['count']).zero?
+              @logger.info("IP address #{pf_ip_address_id} not exists.")
+              env[:ui].info(I18n.t("IP address #{pf_ip_address_id} not exists."))
+              pf_ip_address = nil
+            else
+              pf_ip_address = response['listpublicipaddressesresponse']['publicipaddress'][0]['ipaddress']
+            end
+          end
+          return pf_ip_address, pf_public_port
+        end
+
+        def find_server(cloudstack, machine)
+          return nil if machine.id.nil?
+
+          # Find the machine
+          server = cloudstack.servers.get(machine.id)
+          if server.nil? || [:"shutting-down", :terminated].include?(server.state.downcase.to_sym)
+            # The machine can't be found
+            @logger.info("Machine couldn't be found, assuming it got destroyed.")
+            machine.id = nil
+            return nil
+          end
+
+          server
+        end
+      end
+    end
+  end
+end

data/lib/vagrant-cloudstack/action/read_winrm_info.rb

@@ -1,3 +1,4 @@
+require_relative 'read_transport_info.rb'
 require 'log4r'
 
 module VagrantPlugins
@@ -5,10 +6,12 @@ module VagrantPlugins
     module Action
       # This action reads the WinRM info for the machine and puts it into the
       # `:machine_winrm_info` key in the environment.
-      class ReadWinrmInfo
+      class ReadWinrmInfo < ReadTransportInfo
         def initialize(app, env)
           @app    = app
           @logger = Log4r::Logger.new("vagrant_cloudstack::action::read_winrm_info")
+
+          @public_port_fieldname = 'pf_public_port'
         end
 
         def call(env)
@@ -18,58 +21,21 @@ module VagrantPlugins
         end
 
         def read_winrm_info(cloudstack, machine)
-          return nil if machine.id.nil?
-
-          # Find the machine
-          server = cloudstack.servers.get(machine.id)
-          if server.nil?
-            # The machine can't be found
-            @logger.info("Machine couldn't be found, assuming it got destroyed.")
-            machine.id = nil
-            return nil
-          end
+          return nil if (server = find_server(cloudstack, machine)).nil?
 
           # Get the Port forwarding config
           domain        = machine.provider_config.domain_id
           domain_config = machine.provider_config.get_domain_config(domain)
 
-          pf_ip_address_id = domain_config.pf_ip_address_id
-          pf_ip_address    = domain_config.pf_ip_address
-          pf_public_port   = domain_config.pf_public_port
-
-          if pf_public_port.nil?
-            pf_public_port_file = machine.data_dir.join('pf_public_port')
-            if pf_public_port_file.file?
-              File.read(pf_public_port_file).each_line do |line|
-                pf_public_port = line.strip
-              end
-              domain_config.pf_public_port = pf_public_port
-            end
-          end
-
-          if not pf_ip_address and pf_ip_address_id and pf_public_port
-            begin
-              response = cloudstack.list_public_ip_addresses({:id => pf_ip_address_id})
-            rescue Fog::Compute::Cloudstack::Error => e
-              raise Errors::FogError, :message => e.message
-            end
-
-            if response["listpublicipaddressesresponse"]["count"] == 0
-              @logger.info("IP address #{pf_ip_address_id} not exists.")
-              env[:ui].info(I18n.t("IP address #{pf_ip_address_id} not exists."))
-              pf_ip_address = nil
-            else
-              pf_ip_address = response["listpublicipaddressesresponse"]["publicipaddress"][0]["ipaddress"]
-            end
-          end
+          pf_ip_address, pf_public_port = retrieve_public_ip_port(cloudstack, domain_config, machine)
 
 
-          winrm_info = {
+          transport_info = {
                        :host => pf_ip_address || server.nics[0]['ipaddress'],
                        :port => pf_public_port
                      }
 
-          winrm_info = winrm_info.merge({
+          transport_info = transport_info.merge({
             :username => domain_config.vm_user
           }) unless domain_config.vm_user.nil?
           machine.config.winrm.username = domain_config.vm_user unless domain_config.vm_user.nil?
@@ -88,14 +54,14 @@ module VagrantPlugins
             end
           end
 
-          winrm_info = winrm_info.merge({
+          transport_info = transport_info.merge({
             :password => domain_config.vm_password
           }) unless domain_config.vm_password.nil?
           # The WinRM communicator doesnt support passing
           # the password via winrm_info ... yet ;-)
           machine.config.winrm.password = domain_config.vm_password unless domain_config.vm_password.nil?
 
-          winrm_info
+          transport_info
         end
       end
     end

data/lib/vagrant-cloudstack/action/run_instance.rb

@@ -24,94 +24,20 @@ module VagrantPlugins
 
         def call(env)
           # Initialize metrics if they haven't been
-          env[:metrics]         ||= {}
+          env[:metrics] ||= {}
           @env = env
 
-          # Get the domain we're going to booting up in
-          @domain        = @env[:machine].provider_config.domain_id
-          # Get the configs
-          @domain_config = @env[:machine].provider_config.get_domain_config(@domain)
-
-          sanitize_domain_config
-
-          @zone             = CloudstackResource.new(@domain_config.zone_id, @domain_config.zone_name, 'zone')
-          @networks         = CloudstackResource.create_list(@domain_config.network_id, @domain_config.network_name, 'network')
-          @service_offering = CloudstackResource.new(@domain_config.service_offering_id, @domain_config.service_offering_name, 'service_offering')
-          @disk_offering    = CloudstackResource.new(@domain_config.disk_offering_id, @domain_config.disk_offering_name, 'disk_offering')
-          @template         = CloudstackResource.new(@domain_config.template_id, @domain_config.template_name || @env[:machine].config.vm.box, 'template')
-          @pf_ip_address    = CloudstackResource.new(@domain_config.pf_ip_address_id, @domain_config.pf_ip_address, 'public_ip_address')
-
-          @resource_service.sync_resource(@zone, { available: true })
-          cs_zone = @env[:cloudstack_compute].zones.find{ |f| f.id == @zone.id }
-          @resource_service.sync_resource(@service_offering, {listall: true})
-          @resource_service.sync_resource(@disk_offering, {listall: true})
-          @resource_service.sync_resource(@template, {zoneid: @zone.id, templatefilter: 'executable', listall: true})
-          @resource_service.sync_resource(@pf_ip_address)
-
-          if cs_zone.network_type.downcase == 'basic'
-            # No network specification in basic zone
-            @env[:ui].warn(I18n.t('vagrant_cloudstack.basic_network', :zone_name => @zone.name)) if !@networks.empty? && (@networks[0].id || @networks[0].name)
-            @networks = [CloudstackResource.new(nil, nil, 'network')]
-
-            # No portforwarding in basic zone, so none of the below
-            @domain_config.pf_ip_address               = nil
-            @domain_config.pf_ip_address_id            = nil
-            @domain_config.pf_public_port              = nil
-            @domain_config.pf_public_rdp_port          = nil
-            @domain_config.pf_public_port_randomrange  = nil
-          else
-            @networks.each do |network|
-              @resource_service.sync_resource(network)
-            end
-          end
-
-          if cs_zone.security_groups_enabled
-            prepare_security_groups
-          else
-            if !@domain_config.security_group_ids.empty? || !@domain_config.security_group_names.empty? || !@domain_config.security_groups.empty?
-              @env[:ui].warn(I18n.t('vagrant_cloudstack.security_groups_disabled', :zone_name => @zone.name))
-            end
-            @domain_config.security_group_ids        = []
-            @domain_config.security_group_names      = []
-            @domain_config.security_groups           = []
-          end
-
-          @domain_config.display_name = generate_display_name if @domain_config.display_name.nil?
-
-          # If there is no keypair or keyfile then warn the user
-          if @domain_config.keypair.nil? && @domain_config.ssh_key.nil?
-            @env[:ui].warn(I18n.t('vagrant_cloudstack.launch_no_keypair_no_sshkey'))
-            store_ssh_keypair("vagacs_#{@domain_config.display_name}_#{sprintf('%04d', rand(9999))}",
-                              nil, @domain, @domain_config.project_id)
-          end
+          sanatize_creation_parameters
 
+          show_creation_summary
 
-          # Launch!
-          @env[:ui].info(I18n.t('vagrant_cloudstack.launching_instance'))
-          @env[:ui].info(" -- Display Name: #{@domain_config.display_name}")
-          @env[:ui].info(" -- Group: #{@domain_config.group}") if @domain_config.group
-          @env[:ui].info(" -- Service offering: #{@service_offering.name} (#{@service_offering.id})")
-          @env[:ui].info(" -- Disk offering: #{@disk_offering.name} (#{@disk_offering.id})") unless @disk_offering.id.nil?
-          @env[:ui].info(" -- Template: #{@template.name} (#{@template.id})")
-          @env[:ui].info(" -- Project UUID: #{@domain_config.project_id}") unless @domain_config.project_id.nil?
-          @env[:ui].info(" -- Zone: #{@zone.name} (#{@zone.id})")
-          @networks.each do |network|
-            @env[:ui].info(" -- Network: #{network.name} (#{network.id})")
-          end
-          @env[:ui].info(" -- Keypair: #{@domain_config.keypair}") if @domain_config.keypair
-          @env[:ui].info(' -- User Data: Yes') if @domain_config.user_data
-          @security_groups.each do |security_group|
-              @env[:ui].info(" -- Security Group: #{security_group.name} (#{security_group.id})")
-          end
-
-          server = create_vm
+          create_vm
 
-          # Wait for the instance to be ready first
-          wait_for_instance_ready(server)
+          wait_for_instance_ready
 
-          store_volumes(server)
+          store_volumes
 
-          store_password(server)
+          store_password
 
           configure_networking
 
@@ -126,16 +52,34 @@ module VagrantPlugins
           @app.call(@env)
         end
 
-        def store_volumes(server)
-          volumes = @env[:cloudstack_compute].volumes.find_all { |f| f.server_id == server.id }
-          # volumes refuses to be iterated directly, do it by index
-          (0...volumes.length).each do |idx|
-            unless volumes[idx].type == 'ROOT'
-              volumes_file = @env[:machine].data_dir.join('volumes')
-              volumes_file.open('a+') do |f|
-                f.write("#{volumes[idx].id}\n")
-              end
-            end
+        def sanatize_creation_parameters
+          # Get the domain we're going to booting up in
+          @domain = @env[:machine].provider_config.domain_id
+          # Get the configs
+          @domain_config = @env[:machine].provider_config.get_domain_config(@domain)
+
+          sanitize_domain_config
+
+          initialize_parameters
+
+          if @zone.is_undefined?
+            @env[:ui].error("No Zone specified!")
+            exit(false)
+          end
+
+          resolve_parameters
+
+          cs_zone = @env[:cloudstack_compute].zones.find {|f| f.id == @zone.id}
+          resolve_network(cs_zone)
+
+          resolve_security_groups(cs_zone)
+
+          @domain_config.display_name = generate_display_name if @domain_config.display_name.nil?
+
+          if @domain_config.keypair.nil? && @domain_config.ssh_key.nil?
+            @env[:ui].warn(I18n.t('vagrant_cloudstack.launch_no_keypair_no_sshkey'))
+            generate_ssh_keypair("vagacs_#{@domain_config.display_name}_#{sprintf('%04d', rand(9999))}",
+                                 nil, @domain, @domain_config.project_id)
           end
         end
 
@@ -159,129 +103,64 @@ module VagrantPlugins
           end
         end
 
-        def configure_networking
-          enable_static_nat_rules
-
-          evaluate_pf_private_port
-          evaluate_pf_private_rdp_port
-
-
-          create_port_forwardings
-          # First create_port_forwardings,
-          # as it may generate 'pf_public_port' or 'pf_public_rdp_port',
-          # which after this may need a firewall rule
-          configure_firewall
-        end
-
-        def enable_static_nat_rules
-          unless @domain_config.static_nat.empty?
-            @domain_config.static_nat.each do |rule|
-              enable_static_nat( rule)
-            end
-          end
-        end
-
-        def generate_display_name
-          local_user = ENV['USER'].dup
-          local_user.gsub!(/[^-a-z0-9_]/i, '')
-          prefix = @env[:root_path].basename.to_s
-          prefix.gsub!(/[^-a-z0-9_]/i, '')
-
-          local_user + '_' + prefix + "_#{Time.now.to_i}"
+        def initialize_parameters
+          @zone = CloudstackResource.new(@domain_config.zone_id, @domain_config.zone_name, 'zone')
+          @networks = CloudstackResource.create_list(@domain_config.network_id, @domain_config.network_name, 'network')
+          @service_offering = CloudstackResource.new(@domain_config.service_offering_id, @domain_config.service_offering_name, 'service_offering')
+          @disk_offering = CloudstackResource.new(@domain_config.disk_offering_id, @domain_config.disk_offering_name, 'disk_offering')
+          @template = CloudstackResource.new(@domain_config.template_id, @domain_config.template_name || @env[:machine].config.vm.box, 'template')
+          @pf_ip_address = CloudstackResource.new(@domain_config.pf_ip_address_id, @domain_config.pf_ip_address, 'public_ip_address')
         end
 
-        def wait_for_communicator_ready
-          @env[:metrics]['instance_ssh_time'] = Util::Timer.time do
-            # Wait for communicator to be ready.
-            communicator = @env[:machine].communicate.instance_variable_get('@logger').instance_variable_get('@name')
-            @env[:ui].info(I18n.t('vagrant_cloudstack.waiting_for_communicator', :communicator => communicator.to_s.upcase))
-            while true
-              # If we're interrupted then just back out
-              break if @env[:interrupted]
-              break if @env[:machine].communicate.ready?
-              sleep 2
-            end
+        def resolve_parameters
+          begin
+            @resource_service.sync_resource(@zone, {available: true})
+            @resource_service.sync_resource(@service_offering, {listall: true})
+            @resource_service.sync_resource(@disk_offering, {listall: true})
+            @resource_service.sync_resource(@template, {zoneid: @zone.id, templatefilter: 'executable', listall: true})
+            @resource_service.sync_resource(@pf_ip_address)
+          rescue CloudstackResourceNotFound => e
+            @env[:ui].error(e.message)
+            exit(false)
           end
-          @logger.info("Time for SSH ready: #{@env[:metrics]['instance_ssh_time']}")
         end
 
-        def wait_for_instance_ready( server)
-          @env[:metrics]['instance_ready_time'] = Util::Timer.time do
-            tries = @domain_config.instance_ready_timeout / 2
-
-            @env[:ui].info(I18n.t('vagrant_cloudstack.waiting_for_ready'))
-            begin
-              retryable(:on => Fog::Errors::TimeoutError, :tries => tries) do
-                # If we're interrupted don't worry about waiting
-                next if @env[:interrupted]
-
-                # Wait for the server to be ready
-                server.wait_for(2) { ready? }
-              end
-            rescue Fog::Errors::TimeoutError
-              # Delete the instance
-              terminate
+        def resolve_network(cs_zone)
+          if cs_zone.network_type.downcase == 'basic'
+            # No network specification in basic zone
+            @env[:ui].warn(I18n.t('vagrant_cloudstack.basic_network', :zone_name => @zone.name)) if !@networks.empty? && (@networks[0].id || @networks[0].name)
+            @networks = [CloudstackResource.new(nil, nil, 'network')]
 
-              # Notify the user
-              raise Errors::InstanceReadyTimeout,
-                    :timeout => @domain_config.instance_ready_timeout
+            # No portforwarding in basic zone, so none of the below
+            @domain_config.pf_ip_address = nil
+            @domain_config.pf_ip_address_id = nil
+            @domain_config.pf_public_port = nil
+            @domain_config.pf_public_rdp_port = nil
+            @domain_config.pf_public_port_randomrange = nil
+          else
+            @networks.each do |network|
+              @resource_service.sync_resource(network)
             end
           end
-          @logger.info("Time to instance ready: #{@env[:metrics]['instance_ready_time']}")
         end
 
-        def create_vm
-          server = nil
-          begin
-            options = {
-                :display_name => @domain_config.display_name,
-                :group => @domain_config.group,
-                :zone_id => @zone.id,
-                :flavor_id => @service_offering.id,
-                :image_id => @template.id
-            }
-
-            options['network_ids'] = @networks.map(&:id).compact.join(",") unless @networks.empty?
-            options['security_group_ids'] = @security_groups.map{|security_group| security_group.id}.join(',') unless @security_groups.empty?
-            options['project_id'] = @domain_config.project_id unless @domain_config.project_id.nil?
-            options['key_name'] = @domain_config.keypair unless @domain_config.keypair.nil?
-            options['name'] = @domain_config.name unless @domain_config.name.nil?
-            options['ip_address'] = @domain_config.private_ip_address unless @domain_config.private_ip_address.nil?
-            options['disk_offering_id'] = @disk_offering.id unless @disk_offering.id.nil?
-
-            if @domain_config.user_data != nil
-              options['user_data'] = Base64.urlsafe_encode64(@domain_config.user_data)
-              if options['user_data'].length > 2048
-                raise Errors::UserdataError,
-                      :userdataLength => options['user_data'].length
-              end
-            end
-
-            server = @env[:cloudstack_compute].servers.create(options)
-          rescue Fog::Compute::Cloudstack::NotFound => e
-            # Invalid subnet doesn't have its own error so we catch and
-            # check the error message here.
-            # XXX FIXME vpc?
-            if e.message =~ /subnet ID/
-              raise Errors::FogError,
-                    :message => "Subnet ID not found: #{@networks.map(&:id).compact.join(",")}"
+        def resolve_security_groups(cs_zone)
+          if cs_zone.security_groups_enabled
+            prepare_security_groups
+          else
+            if !@domain_config.security_group_ids.empty? || !@domain_config.security_group_names.empty? || !@domain_config.security_groups.empty?
+              @env[:ui].warn(I18n.t('vagrant_cloudstack.security_groups_disabled', :zone_name => @zone.name))
             end
-
-            raise
-          rescue Fog::Compute::Cloudstack::Error => e
-            raise Errors::FogError, :message => e.message
+            @domain_config.security_group_ids = []
+            @domain_config.security_group_names = []
+            @domain_config.security_groups = []
           end
-
-          # Immediately save the ID since it is created at this point.
-          @env[:machine].id = server.id
-          server
         end
 
         def prepare_security_groups
           # Can't use Security Group IDs and Names at the same time
           # Let's use IDs by default...
           if @domain_config.security_group_ids.empty? and !@domain_config.security_group_names.empty?
-            #@domain_config.security_group_ids = @domain_config.security_group_names.map { |name|  name_to_id(@env, name, 'security_group') }
             @security_groups = @domain_config.security_group_names.map do |name|
               group = CloudstackResource.new(nil, name, 'security_group')
               @resource_service.sync_resource(group)
@@ -305,267 +184,146 @@ module VagrantPlugins
           end
         end
 
-        def evaluate_pf_private_port
-          if @domain_config.pf_private_port.nil?
+        def create_security_group(security_group)
+          begin
+            sgid = @env[:cloudstack_compute].create_security_group(:name        => security_group[:name],
+                                                                   :description => security_group[:description])['createsecuritygroupresponse']['securitygroup']['id']
+            security_group_object = CloudstackResource.new(sgid, security_group[:name], 'security_group')
+            @env[:ui].info(" -- Security Group #{security_group[:name]} created with ID: #{sgid}")
+          rescue Exception => e
+            if e.message =~ /already exis/
+              security_group_object = CloudstackResource.new(nil, security_group[:name], 'security_group')
+              @resource_service.sync_resource(security_group_object)
+              @env[:ui].info(" -- Security Group #{security_group_object.name} found with ID: #{security_group_object.id}")
+            end
+          end
 
-            communicator = @env[:machine].communicate.instance_variable_get('@logger').instance_variable_get('@name')
-            comm_obj = @env[:machine].config.send(communicator)
+          # security group is created and we have it's ID
+          # so we add the rules... Does it really matter if they already exist ? CLoudstack seems to take care of that!
+          security_group[:rules].each do |rule|
+            rule_options = {
+                :securityGroupId => security_group_object.id,
+                :protocol        => rule[:protocol],
+                :startport       => rule[:startport],
+                :endport         => rule[:endport],
+                :cidrlist        => rule[:cidrlist]
+            }
 
-            @domain_config.pf_private_port = comm_obj.port if comm_obj.respond_to?('port')
-            @domain_config.pf_private_port = comm_obj.guest_port if comm_obj.respond_to?('guest_port')
-            @domain_config.pf_private_port = comm_obj.default.port if (comm_obj.respond_to?('default') && comm_obj.default.respond_to?('port'))
+            # The rule[:type] is either ingress or egress, but the method call looks the same.
+            # We build a dynamic method name and then send it off.
+            @env[:cloudstack_compute].send("authorize_security_group_#{rule[:type]}".to_sym, rule_options)
+            @env[:ui].info(" --- #{rule[:type].capitalize} Rule added: #{rule[:protocol]} from #{rule[:startport]} to #{rule[:endport]} (#{rule[:cidrlist]})")
           end
-        end
 
-        def evaluate_pf_private_rdp_port
-          @domain_config.pf_private_rdp_port = @env[:machine].config.vm.rdp.port if (@env[:machine].config.vm.respond_to?(:rdp) && @env[:machine].config.vm.rdp.respond_to?(:port))
+          store_security_groups(security_group_object)
         end
 
-        def configure_firewall
+        def generate_display_name
+          local_user = ENV['USER'] ? ENV['USER'].dup : 'VACS'
+          local_user.gsub!(/[^-a-z0-9_]/i, '')
+          prefix = @env[:root_path].basename.to_s
+          prefix.gsub!(/[^-a-z0-9_]/i, '')
 
-          unless @pf_ip_address.is_undefined?
-            ports = [ Hash[publicport: 'pf_public_port',     privateport: 'pf_private_port'] ]
-            ports <<  Hash[publicport: 'pf_public_rdp_port', privateport: 'pf_private_rdp_port']
+          local_user + '_' + prefix + "_#{Time.now.to_i}"
+        end
 
-            ports.each do |port_set|
-              if @pf_ip_address.details.has_key?('vpcid')
-                forward_portname = port_set[:privateport]
-              else
-                forward_portname = port_set[:publicport]
-              end
-              check_portname = port_set[:publicport]
-              # As we take care of implicit/auto port_forward of 'pf_public_port' we do Firewall as well, possibly
-              if (@domain_config.pf_ip_address_id || @domain_config.pf_ip_address) &&
-                  @domain_config.send(check_portname) &&
-                  @domain_config.pf_trusted_networks &&
-                  !@domain_config.pf_open_firewall
-                # Allow access to public port from trusted networks only
-                fw_rule_trusted_networks = {
-                    :ipaddressid => @domain_config.pf_ip_address_id,
-                    :ipaddress => @domain_config.pf_ip_address,
-                    :protocol => 'tcp',
-                    :startport => @domain_config.send(forward_portname),
-                    :endport => @domain_config.send(forward_portname),
-                    :cidrlist => @domain_config.pf_trusted_networks.join(',')
-                }
-                @domain_config.firewall_rules = [] unless @domain_config.firewall_rules
-                @domain_config.firewall_rules << fw_rule_trusted_networks
-              end
-            end
+        def show_creation_summary
+          # Launch!
+          @env[:ui].info(I18n.t('vagrant_cloudstack.launching_instance'))
+          @env[:ui].info(" -- Display Name: #{@domain_config.display_name}")
+          @env[:ui].info(" -- Group: #{@domain_config.group}") if @domain_config.group
+          @env[:ui].info(" -- Service offering: #{@service_offering.name} (#{@service_offering.id})")
+          @env[:ui].info(" -- Disk offering: #{@disk_offering.name} (#{@disk_offering.id})") unless @disk_offering.id.nil?
+          @env[:ui].info(" -- Template: #{@template.name} (#{@template.id})")
+          @env[:ui].info(" -- Project UUID: #{@domain_config.project_id}") unless @domain_config.project_id.nil?
+          @env[:ui].info(" -- Zone: #{@zone.name} (#{@zone.id})")
+          @networks.each do |network|
+            @env[:ui].info(" -- Network: #{network.name} (#{network.id})")
           end
+          @env[:ui].info(" -- Keypair: #{@domain_config.keypair}") if @domain_config.keypair
+          @env[:ui].info(' -- User Data: Yes') if @domain_config.user_data
+          @security_groups.each do |security_group|
+            @env[:ui].info(" -- Security Group: #{security_group.name} (#{security_group.id})")
+          end
+        end
 
-          unless @domain_config.firewall_rules.empty?
-
-            # Inspect port_forwarding rules to make firewall rules
-            if @pf_ip_address.details.has_key?('vpcid')
-              port_name = :privateport
-            else
-              port_name = :publicport
-            end
-            unless @domain_config.port_forwarding_rules.empty?
-              @domain_config.port_forwarding_rules.each do |port_forwarding_rule|
-                if port_forwarding_rule[:generate_firewall] && @domain_config.pf_trusted_networks && !port_forwarding_rule[:openfirewall]
-                  # Allow access to public port from trusted networks only
-                  fw_rule_trusted_networks = {
-                      :ipaddressid => port_forwarding_rule[:ipaddressid],
-                      :ipaddress => port_forwarding_rule[:ipaddress],
-                      :protocol => port_forwarding_rule[:protocol],
-                      :startport => port_forwarding_rule[port_name],
-                      :endport => port_forwarding_rule[port_name],
-                      :cidrlist => @domain_config.pf_trusted_networks.join(',')
-                  }
-                  @domain_config.firewall_rules = [] unless @domain_config.firewall_rules
-                  @domain_config.firewall_rules << fw_rule_trusted_networks
-                end
-              end
-            end
+        def create_vm
+          @server = nil
+          begin
+            options = compose_server_creation_options
 
-            # Fill in the blanks for all rules
-            @domain_config.firewall_rules.each do |firewall_rule|
-              firewall_rule[:ipaddressid] = @domain_config.pf_ip_address_id if firewall_rule[:ipaddressid].nil?
-              firewall_rule[:ipaddress] = @domain_config.pf_ip_address if firewall_rule[:ipaddress].nil?
-              firewall_rule[:cidrlist] = @domain_config.pf_trusted_networks.join(',') if firewall_rule[:cidrlist].nil?
-              firewall_rule[:protocol] = 'tcp' if firewall_rule[:protocol].nil?
-              firewall_rule[:startport] = firewall_rule[:endport] if firewall_rule[:startport].nil?
+            @server = @env[:cloudstack_compute].servers.create(options)
+          rescue Fog::Compute::Cloudstack::NotFound => e
+            # Invalid subnet doesn't have its own error so we catch and
+            # check the error message here.
+            # XXX FIXME vpc?
+            if e.message =~ /subnet ID/
+              raise Errors::FogError,
+                    :message => "Subnet ID not found: #{@networks.map(&:id).compact.join(",")}"
             end
 
-            # Apply all rules
-            @domain_config.firewall_rules.each do |firewall_rule|
-              create_firewall_rule( firewall_rule )
-            end
+            raise
+          rescue Fog::Compute::Cloudstack::Error => e
+            raise Errors::FogError, :message => e.message
           end
+
+          @env[:machine].id = @server.id
         end
 
-        def create_port_forwardings
-          unless @pf_ip_address.is_undefined?
-            guest_windows = false || @env[:machine].config.vm.guest == :windows || @env[:machine].communicate.instance_variable_get('@logger').instance_variable_get('@name') == 'winrm'
-
-            ports = [ Hash[:public_port => 'pf_public_port',     :private_port => 'pf_private_port'] ]
-            ports <<  Hash[:public_port => 'pf_public_rdp_port', :private_port => 'pf_private_rdp_port'] if guest_windows
-
-            ports.each do |port_set|
-              # Implicit/automatic Port forward for 'private' port (SSH/WinRM or RDP)
-              # Also sets 'public_port' port to random port if missing
-              public_port_name = port_set[:public_port]
-              private_port_name = port_set[:private_port]
-              if (@domain_config.pf_ip_address_id || @domain_config.pf_ip_address) && (@domain_config.send(public_port_name) || @domain_config.pf_public_port_randomrange)
-                port_forwarding_rule = {
-                    :ipaddressid => @domain_config.pf_ip_address_id,
-                    :ipaddress => @domain_config.pf_ip_address,
-                    :protocol => 'tcp',
-                    :publicport => @domain_config.send(public_port_name),
-                    :privateport => @domain_config.send(private_port_name),
-                    :openfirewall => @domain_config.pf_open_firewall
-                }
+        def compose_server_creation_options
+          options = {
+              :display_name => @domain_config.display_name,
+              :group => @domain_config.group,
+              :zone_id => @zone.id,
+              :flavor_id => @service_offering.id,
+              :image_id => @template.id
+          }
 
-                public_port = create_randomport_forwarding_rule(
-                    port_forwarding_rule,
-                    @domain_config.pf_public_port_randomrange[:start]...@domain_config.pf_public_port_randomrange[:end],
-                    public_port_name
-                )
-                @domain_config.send("#{public_port_name}=", public_port)
-              end
-            end
+          unless @networks.empty?
+            nets = @networks.map(&:id).compact.join(",")
+            options['network_ids'] = nets unless nets.empty?
           end
+          options['security_group_ids'] = @security_groups.map {|security_group| security_group.id}.join(',') unless @security_groups.empty?
+          options['project_id'] = @domain_config.project_id unless @domain_config.project_id.nil?
+          options['key_name'] = @domain_config.keypair unless @domain_config.keypair.nil?
+          options['name'] = @domain_config.name unless @domain_config.name.nil?
+          options['ip_address'] = @domain_config.private_ip_address unless @domain_config.private_ip_address.nil?
+          options['disk_offering_id'] = @disk_offering.id unless @disk_offering.id.nil?
 
-          unless @domain_config.port_forwarding_rules.empty?
-            @domain_config.port_forwarding_rules.each do |port_forwarding_rule|
-              port_forwarding_rule[:ipaddressid] = @domain_config.pf_ip_address_id if port_forwarding_rule[:ipaddressid].nil?
-              port_forwarding_rule[:ipaddress] = @domain_config.pf_ip_address if port_forwarding_rule[:ipaddress].nil?
-              port_forwarding_rule[:protocol] = 'tcp' if port_forwarding_rule[:protocol].nil?
-              port_forwarding_rule[:openfirewall] = @domain_config.pf_open_firewall if port_forwarding_rule[:openfirewall].nil?
-              port_forwarding_rule[:publicport] = port_forwarding_rule[:privateport] if port_forwarding_rule[:publicport].nil?
-              port_forwarding_rule[:privateport] = port_forwarding_rule[:publicport] if port_forwarding_rule[:privateport].nil?
-
-              create_port_forwarding_rule(port_forwarding_rule)
+          if @domain_config.user_data != nil
+            options['user_data'] = Base64.urlsafe_encode64(@domain_config.user_data)
+            if options['user_data'].length > 2048
+              raise Errors::UserdataError,
+                    :userdataLength => options['user_data'].length
             end
           end
+          options
         end
 
-        def create_randomport_forwarding_rule(rule, randomrange, filename)
-          # Only if pf_public_port is nil, will generate and try
-          # Otherwise, functionaly the same as just create_port_forwarding_rule
-          pf_public_port = rule[:publicport]
-          retryable(:on => DuplicatePFRule, :tries => 10) do
-            begin
-              rule[:publicport] = rand(randomrange) if pf_public_port.nil?
+        def configure_networking
+          begin
+            enable_static_nat_rules
 
-              create_port_forwarding_rule(rule)
-              
-              if pf_public_port.nil?
-                pf_port_file = @env[:machine].data_dir.join(filename)
-                pf_port_file.open('a+') do |f|
-                  f.write("#{rule[:publicport]}")
-                end
-              end
-            rescue Errors::FogError => e
-              if pf_public_port.nil? && !(e.message =~ /The range specified,.*conflicts with rule.*which has/).nil?
-                raise DuplicatePFRule, :message => e.message
-              else
-                raise Errors::FogError, :message => e.message
-              end
-            end
-          end
-          pf_public_port.nil? ? (rule[:publicport]) : (pf_public_port)
-        end
-
-        def store_ssh_keypair(keyname, account = nil, domainid = nil, projectid = nil)
-          response = @env[:cloudstack_compute].create_ssh_key_pair(keyname, account, domainid, projectid)
-          sshkeypair = response['createsshkeypairresponse']['keypair']
+            configure_port_forwarding
 
-          # Save private key to file
-          sshkeyfile_file = @env[:machine].data_dir.join('sshkeyfile')
-          sshkeyfile_file.open('w') do |f|
-            f.write("#{sshkeypair['privatekey']}")
-          end
-          @domain_config.ssh_key = sshkeyfile_file.to_s
+            # First create_port_forwardings,
+            # as it may generate 'pf_public_port' or 'pf_public_rdp_port',
+            # which after this may need a firewall rule
+            configure_firewall
 
-          # Save keyname to file for terminate_instance
-          sshkeyname_file = @env[:machine].data_dir.join('sshkeyname')
-          sshkeyname_file.open('w') do |f|
-            f.write("#{sshkeypair['name']}")
-          end
-
-          @domain_config.keypair =  sshkeypair['name']
-        end
-
-        def store_password(server)
-          password = nil
-          if server.password_enabled and server.respond_to?('job_id')
-            server_job_result = @env[:cloudstack_compute].query_async_job_result({:jobid => server.job_id})
-            if server_job_result.nil?
-              @env[:ui].warn(' -- Failed to retrieve job_result for retrieving the password')
-              return
-            end
-
-            while true
-              server_job_result = @env[:cloudstack_compute].query_async_job_result({:jobid => server.job_id})
-              if server_job_result['queryasyncjobresultresponse']['jobstatus'] != 0
-                password = server_job_result['queryasyncjobresultresponse']['jobresult']['virtualmachine']['password']
-                break
-              else
-                sleep 2
-              end
-            end
-
-            @env[:ui].info("Password of virtualmachine: #{password}")
-            # Set the password on the current communicator
-            @domain_config.vm_password = password
-
-            # Save password to file
-            vmcredentials_file = @env[:machine].data_dir.join('vmcredentials')
-            vmcredentials_file.open('w') do |f|
-              f.write("#{password}")
-            end
+          rescue CloudstackResourceNotFound => e
+            @env[:ui].error(e.message)
+            terminate
+            exit(false)
           end
         end
 
-        def create_security_group(security_group)
-          begin
-            sgid = @env[:cloudstack_compute].create_security_group(:name        => security_group[:name],
-                                                                  :description => security_group[:description])['createsecuritygroupresponse']['securitygroup']['id']
-            security_group_object = CloudstackResource.new(sgid, security_group[:name], 'security_group')
-            @env[:ui].info(" -- Security Group #{security_group[:name]} created with ID: #{sgid}")
-          rescue Exception => e
-            if e.message =~ /already exis/
-              security_group_object = CloudstackResource.new(nil, security_group[:name], 'security_group')
-              @resource_service.sync_resource(security_group_object)
-              @env[:ui].info(" -- Security Group #{security_group_object.name} found with ID: #{security_group_object.id}")
+        def enable_static_nat_rules
+          unless @domain_config.static_nat.empty?
+            @domain_config.static_nat.each do |rule|
+              enable_static_nat(rule)
             end
           end
-
-          # security group is created and we have it's ID
-          # so we add the rules... Does it really matter if they already exist ? CLoudstack seems to take care of that!
-          security_group[:rules].each do |rule|
-            rule_options = {
-                :securityGroupId => security_group_object.id,
-                :protocol        => rule[:protocol],
-                :startport       => rule[:startport],
-                :endport         => rule[:endport],
-                :cidrlist        => rule[:cidrlist]
-            }
-
-            # The rule[:type] is either ingress or egress, but the method call looks the same.
-            # We build a dynamic method name and then send it off.
-            @env[:cloudstack_compute].send("authorize_security_group_#{rule[:type]}".to_sym, rule_options)
-            @env[:ui].info(" --- #{rule[:type].capitalize} Rule added: #{rule[:protocol]} from #{rule[:startport]} to #{rule[:endport]} (#{rule[:cidrlist]})")
-          end
-
-          # and record the security group ids for future deletion (of rules and groups if possible)
-          security_groups_file = @env[:machine].data_dir.join('security_groups')
-          security_groups_file.open('a+') do |f|
-            f.write("#{security_group_object.id}\n")
-          end
-          security_group_object
-        end
-
-        def recover(env)
-          return if env['vagrant.error'].is_a?(Vagrant::Errors::VagrantError)
-
-          if env[:machine].provider.state.id != :not_created
-            # Undo the import
-            terminate
-          end
         end
 
         def enable_static_nat(rule)
@@ -604,40 +362,118 @@ module VagrantPlugins
           end
         end
 
-        def create_port_forwarding_rule(rule)
-          port_forwarding_rule = nil
-          @env[:ui].info(I18n.t('vagrant_cloudstack.creating_port_forwarding_rule'))
+        def configure_port_forwarding
 
-          begin
-            ip_address = sync_ip_address(rule[:ipaddressid], rule[:ipaddress])
-          rescue IpNotFoundException
-            return
+          unless @pf_ip_address.is_undefined?
+            evaluate_pf_private_port
+            evaluate_pf_private_rdp_port
+            generate_and_apply_port_forwarding_rules_for_communicators
           end
 
-          @env[:ui].info(" -- IP address    : #{ip_address.name} (#{ip_address.id})")
-          @env[:ui].info(" -- Protocol      : #{rule[:protocol]}")
-          @env[:ui].info(" -- Public port   : #{rule[:publicport]}")
-          @env[:ui].info(" -- Private port  : #{rule[:privateport]}")
-          @env[:ui].info(" -- Open Firewall : #{rule[:openfirewall]}")
+          apply_port_forwarding_rules
+        end
 
-          if ip_address.details.has_key?('associatednetworkid')
-            network = @networks.find{ |f| f.id == ip_address.details['associatednetworkid']}
-          elsif ip_address.details.has_key?('vpcid')
-            # In case of VPC and ip has not yet been used, a network MUST be specified
-            network = @networks.find{ |f| f.details['vpcid'] == ip_address.details['vpcid']}
+        def get_communicator_short_name(communicator)
+          communicator_short_names = {
+            'VagrantPlugins::CommunicatorSSH::Communicator' => 'ssh',
+            'VagrantPlugins::CommunicatorWinRM::Communicator' => 'winrm'
+          }
+          communicator_short_names[communicator.class.name]
+        end
+
+        def evaluate_pf_private_port
+          return unless @domain_config.pf_private_port.nil?
+
+          communicator_short_name = get_communicator_short_name(@env[:machine].communicate)
+          communicator_config = @env[:machine].config.send(communicator_short_name)
+
+          @domain_config.pf_private_port = communicator_config.port if communicator_config.respond_to?('port')
+          @domain_config.pf_private_port = communicator_config.guest_port if communicator_config.respond_to?('guest_port')
+          @domain_config.pf_private_port = communicator_config.default.port if (communicator_config.respond_to?('default') && communicator_config.default.respond_to?('port'))
+        end
+
+        def evaluate_pf_private_rdp_port
+          @domain_config.pf_private_rdp_port = @env[:machine].config.vm.rdp.port if
+                                                  @env[:machine].config.vm.respond_to?(:rdp) &&
+                                                  @env[:machine].config.vm.rdp.respond_to?(:port)
+        end
+
+        def generate_and_apply_port_forwarding_rules_for_communicators
+          communicators_port_names = [Hash[:public_port => 'pf_public_port', :private_port => 'pf_private_port']]
+          communicators_port_names << Hash[:public_port => 'pf_public_rdp_port', :private_port => 'pf_private_rdp_port'] if is_windows_guest
+
+          communicators_port_names.each do |communicator_port_names|
+            public_port_name = communicator_port_names[:public_port]
+            private_port_name = communicator_port_names[:private_port]
+
+            next unless @domain_config.send(public_port_name) || @domain_config.pf_public_port_randomrange
+
+            port_forwarding_rule = {
+                :ipaddressid => @domain_config.pf_ip_address_id,
+                :ipaddress => @domain_config.pf_ip_address,
+                :protocol => 'tcp',
+                :publicport => @domain_config.send(public_port_name),
+                :privateport => @domain_config.send(private_port_name),
+                :openfirewall => @domain_config.pf_open_firewall
+            }
+
+            public_port = create_randomport_forwarding_rule(
+                port_forwarding_rule,
+                @domain_config.pf_public_port_randomrange[:start]...@domain_config.pf_public_port_randomrange[:end],
+                public_port_name
+            )
+            @domain_config.send("#{public_port_name}=", public_port)
           end
+        end
 
-          options = {
-              :networkid        => network.id,
-              :ipaddressid      => ip_address.id,
-              :publicport       => rule[:publicport],
-              :privateport      => rule[:privateport],
-              :protocol         => rule[:protocol],
-              :openfirewall     => rule[:openfirewall],
-              :virtualmachineid => @env[:machine].id
-          }
+        def create_randomport_forwarding_rule(rule, randomrange, filename)
+          pf_public_port = rule[:publicport]
+          retryable(:on => DuplicatePFRule, :tries => 10) do
+            begin
+              # Only if public port is missing, will generate a random one
+              rule[:publicport] = Kernel.rand(randomrange) if pf_public_port.nil?
+
+              apply_port_forwarding_rule(rule)
+
+              if pf_public_port.nil?
+                pf_port_file = @env[:machine].data_dir.join(filename)
+                pf_port_file.open('a+') do |f|
+                  f.write("#{rule[:publicport]}")
+                end
+              end
+            rescue Errors::FogError => e
+              if pf_public_port.nil? && !(e.message =~ /The range specified,.*conflicts with rule.*which has/).nil?
+                raise DuplicatePFRule, :message => e.message
+              else
+                raise Errors::FogError, :message => e.message
+              end
+            end
+          end
+          pf_public_port.nil? ? (rule[:publicport]) : (pf_public_port)
+        end
+
+        def apply_port_forwarding_rules
+          return if @domain_config.port_forwarding_rules.empty?
+
+          @domain_config.port_forwarding_rules.each do |port_forwarding_rule|
+            # Sanatize/defaults pf rule before applying
+            port_forwarding_rule[:ipaddressid] = @domain_config.pf_ip_address_id if port_forwarding_rule[:ipaddressid].nil?
+            port_forwarding_rule[:ipaddress] = @domain_config.pf_ip_address if port_forwarding_rule[:ipaddress].nil?
+            port_forwarding_rule[:protocol] = 'tcp' if port_forwarding_rule[:protocol].nil?
+            port_forwarding_rule[:openfirewall] = @domain_config.pf_open_firewall if port_forwarding_rule[:openfirewall].nil?
+            port_forwarding_rule[:publicport] = port_forwarding_rule[:privateport] if port_forwarding_rule[:publicport].nil?
+            port_forwarding_rule[:privateport] = port_forwarding_rule[:publicport] if port_forwarding_rule[:privateport].nil?
+
+            apply_port_forwarding_rule(port_forwarding_rule)
+          end
+        end
+
+        def apply_port_forwarding_rule(rule)
+          port_forwarding_rule = nil
+          @env[:ui].info(I18n.t('vagrant_cloudstack.creating_port_forwarding_rule'))
+
+          return unless (options = compose_port_forwarding_rule_creation_options(rule))
 
-          options.delete(:openfirewall) if network.details.has_key?('vpcid')
           begin
             resp = @env[:cloudstack_compute].create_port_forwarding_rule(options)
             job_id = resp['createportforwardingruleresponse']['jobid']
@@ -660,10 +496,124 @@ module VagrantPlugins
             raise Errors::FogError, :message => e.message
           end
 
-          # Save port forwarding rule id to the data dir so it can be released when the instance is destroyed
-          port_forwarding_file = @env[:machine].data_dir.join('port_forwarding')
-          port_forwarding_file.open('a+') do |f|
-            f.write("#{port_forwarding_rule['id']}\n")
+          store_port_forwarding_rules(port_forwarding_rule)
+        end
+
+        def compose_port_forwarding_rule_creation_options(rule)
+          begin
+            ip_address = sync_ip_address(rule[:ipaddressid], rule[:ipaddress])
+          rescue IpNotFoundException
+            return
+          end
+
+          @env[:ui].info(" -- IP address    : #{ip_address.name} (#{ip_address.id})")
+          @env[:ui].info(" -- Protocol      : #{rule[:protocol]}")
+          @env[:ui].info(" -- Public port   : #{rule[:publicport]}")
+          @env[:ui].info(" -- Private port  : #{rule[:privateport]}")
+          @env[:ui].info(" -- Open Firewall : #{rule[:openfirewall]}")
+
+          network = get_network_from_public_ip(ip_address)
+
+          options = {
+              :networkid => network.id,
+              :ipaddressid => ip_address.id,
+              :publicport => rule[:publicport],
+              :privateport => rule[:privateport],
+              :protocol => rule[:protocol],
+              :openfirewall => rule[:openfirewall],
+              :virtualmachineid => @env[:machine].id
+          }
+
+          options.delete(:openfirewall) if network.details.has_key?('vpcid')
+          options
+        end
+
+        def get_network_from_public_ip(ip_address)
+          if ip_address.details.has_key?('associatednetworkid')
+            network = @networks.find {|f| f.id == ip_address.details['associatednetworkid']}
+          elsif ip_address.details.has_key?('vpcid')
+            # In case of VPC and ip has not yet been used, a network MUST be specified
+            network = @networks.find {|f| f.details['vpcid'] == ip_address.details['vpcid']}
+          end
+          network
+        end
+
+        def configure_firewall
+          if @domain_config.pf_trusted_networks
+            generate_firewall_rules_for_communicators unless @pf_ip_address.is_undefined?
+            generate_firewall_rules_for_portforwarding_rules
+          end
+
+          return if @domain_config.firewall_rules.empty?
+          auto_complete_firewall_rules
+          apply_firewall_rules
+        end
+
+        def generate_firewall_rules_for_communicators
+
+          return if @pf_ip_address.is_undefined? ||
+              !@domain_config.pf_trusted_networks ||
+              @domain_config.pf_open_firewall
+
+          ports = [Hash[publicport: 'pf_public_port', privateport: 'pf_private_port']]
+          ports << Hash[publicport: 'pf_public_rdp_port', privateport: 'pf_private_rdp_port'] if is_windows_guest
+
+          ports.each do |port_set|
+            forward_portname = @pf_ip_address.details.key?('vpcid') ? port_set[:privateport] : port_set[:publicport]
+            check_portname = port_set[:publicport]
+
+            next unless @domain_config.send(check_portname)
+
+            # Allow access to public port from trusted networks only
+            fw_rule_trusted_networks = {
+                ipaddressid: @pf_ip_address.id,
+                ipaddress: @pf_ip_address.name,
+                protocol: 'tcp',
+                startport: @domain_config.send(forward_portname),
+                endport: @domain_config.send(forward_portname),
+                cidrlist: @domain_config.pf_trusted_networks.join(',')
+            }
+            @domain_config.firewall_rules = [] unless @domain_config.firewall_rules
+            @domain_config.firewall_rules << fw_rule_trusted_networks
+
+          end
+        end
+
+        def generate_firewall_rules_for_portforwarding_rules
+          @pf_ip_address.details.has_key?('vpcid') ? port_name = :privateport : port_name = :publicport
+
+          unless @domain_config.port_forwarding_rules.empty?
+            @domain_config.port_forwarding_rules.each do |port_forwarding_rule|
+              if port_forwarding_rule[:generate_firewall] && @domain_config.pf_trusted_networks && !port_forwarding_rule[:openfirewall]
+                # Allow access to public port from trusted networks only
+                fw_rule_trusted_networks = {
+                    :ipaddressid => port_forwarding_rule[:ipaddressid],
+                    :ipaddress => port_forwarding_rule[:ipaddress],
+                    :protocol => port_forwarding_rule[:protocol],
+                    :startport => port_forwarding_rule[port_name],
+                    :endport => port_forwarding_rule[port_name],
+                    :cidrlist => @domain_config.pf_trusted_networks.join(',')
+                }
+                @domain_config.firewall_rules = [] unless @domain_config.firewall_rules
+                @domain_config.firewall_rules << fw_rule_trusted_networks
+              end
+            end
+          end
+        end
+
+        def auto_complete_firewall_rules
+          @domain_config.firewall_rules.each do |firewall_rule|
+            firewall_rule[:ipaddressid] = @domain_config.pf_ip_address_id if firewall_rule[:ipaddressid].nil?
+            firewall_rule[:ipaddress] = @domain_config.pf_ip_address if firewall_rule[:ipaddress].nil?
+            firewall_rule[:cidrlist] = @domain_config.pf_trusted_networks.join(',') if firewall_rule[:cidrlist].nil?
+            firewall_rule[:protocol] = 'tcp' if firewall_rule[:protocol].nil?
+            firewall_rule[:startport] = firewall_rule[:endport] if firewall_rule[:startport].nil?
+          end
+        end
+
+        def apply_firewall_rules
+          @domain_config.firewall_rules.each do |firewall_rule|
+            create_firewall_rule(firewall_rule)
           end
         end
 
@@ -685,52 +635,74 @@ module VagrantPlugins
 
           if ip_address.details.has_key?('vpcid')
             network = @networks.find{ |f| f.id == ip_address.details['associatednetworkid']}
-            resp = @env[:cloudstack_compute].list_network_acl_lists({
-              id:  network.details['aclid']
-            })
+            acl_id = network.details['aclid']
+
+            raise CloudstackResourceNotFound.new("No ACL found associated with VPC tier #{network.details['name']} (id: #{network.details['id']})") unless acl_id
+
+            resp = @env[:cloudstack_compute].list_network_acl_lists(
+                id:  network.details[acl_id]
+            )
             acl_name = resp['listnetworkacllistsresponse']['networkacllist'][0]['name']
 
-            resp = @env[:cloudstack_compute].list_network_acls({
-              aclid:  network.details['aclid']
-            })
-            number = 0
-            if resp["listnetworkaclsresponse"].key?("networkacl")
-              resp["listnetworkaclsresponse"]["networkacl"].each{ |ace| number = [number, ace["number"]].max }
-            end
-            number = number+1
-
-            command_string  = 'createNetworkACL'
-            response_string = 'createnetworkaclresponse'
-            type_string = 'networkacl'
-            options = {
-                :command     => command_string,
-                :aclid       => network.details['aclid'],
-                :action      => 'Allow',
-                :protocol    => rule[:protocol],
-                :cidrlist    => rule[:cidrlist],
-                :startport   => rule[:startport],
-                :endport     => rule[:endport],
-                :icmpcode    => rule[:icmpcode],
-                :icmptype    => rule[:icmptype],
-                :number      => number,
-                :traffictype => 'Ingress'
-            }
+            options, response_string, type_string = compose_firewall_rule_creation_options_vpc(network, rule)
           else
-            command_string = 'createFirewallRule'
-            response_string = 'createfirewallruleresponse'
-            type_string = 'firewallrule'
-            options = {
-                :command          => command_string,
-                :ipaddressid      => ip_address.id,
-                :protocol         => rule[:protocol],
-                :cidrlist         => rule[:cidrlist],
-                :startport        => rule[:startport],
-                :endeport         => rule[:endport],
-                :icmpcode         => rule[:icmpcode],
-                :icmptype         => rule[:icmptype]
-            }
+            options, response_string, type_string = compose_firewall_rule_creation_options_non_vpc(ip_address, rule)
           end
 
+          firewall_rule = apply_firewall_rule(acl_name, options, response_string, type_string)
+
+          store_firewall_rule(firewall_rule, type_string) if firewall_rule
+        end
+
+        def compose_firewall_rule_creation_options_vpc(network, rule)
+          command_string = 'createNetworkACL'
+          response_string = 'createnetworkaclresponse'
+          type_string = 'networkacl'
+          options = {
+              :command => command_string,
+              :aclid => network.details['aclid'],
+              :action => 'Allow',
+              :protocol => rule[:protocol],
+              :cidrlist => rule[:cidrlist],
+              :startport => rule[:startport],
+              :endport => rule[:endport],
+              :icmpcode => rule[:icmpcode],
+              :icmptype => rule[:icmptype],
+              :traffictype => 'Ingress'
+          }
+          return options, response_string, type_string
+        end
+
+        def compose_firewall_rule_creation_options_non_vpc(ip_address, rule)
+          command_string = 'createFirewallRule'
+          response_string = 'createfirewallruleresponse'
+          type_string = 'firewallrule'
+          options = {
+              :command => command_string,
+              :ipaddressid => ip_address.id,
+              :protocol => rule[:protocol],
+              :cidrlist => rule[:cidrlist],
+              :startport => rule[:startport],
+              :endeport => rule[:endport],
+              :icmpcode => rule[:icmpcode],
+              :icmptype => rule[:icmptype]
+          }
+          return options, response_string, type_string
+        end
+
+        def get_next_free_acl_entry(network)
+          resp = @env[:cloudstack_compute].list_network_acls(
+              aclid: network.details['aclid']
+          )
+          number = 0
+          if resp["listnetworkaclsresponse"].key?("networkacl")
+            resp["listnetworkaclsresponse"]["networkacl"].each {|ace| number = [number, ace["number"]].max}
+          end
+          number = number+1
+        end
+
+        def apply_firewall_rule(acl_name, options, response_string, type_string)
+          firewall_rule = nil
           begin
             resp = @env[:cloudstack_compute].request(options)
             job_id = resp[response_string]['jobid']
@@ -758,7 +730,77 @@ module VagrantPlugins
               raise Errors::FogError, :message => e.message
             end
           end
+          firewall_rule
+        end
+
+        def is_windows_guest
+          false || @env[:machine].config.vm.guest == :windows || get_communicator_short_name(@env[:machine].communicate) == 'winrm'
+        end
+
+        def generate_ssh_keypair(keyname, account = nil, domainid = nil, projectid = nil)
+          response = @env[:cloudstack_compute].create_ssh_key_pair(keyname, account, domainid, projectid)
+          sshkeypair = response['createsshkeypairresponse']['keypair']
+
+          # Save private key to file
+          sshkeyfile_file = @env[:machine].data_dir.join('sshkeyfile')
+          sshkeyfile_file.open('w') do |f|
+            f.write("#{sshkeypair['privatekey']}")
+          end
+          @domain_config.ssh_key = sshkeyfile_file.to_s
+
+          sshkeyname_file = @env[:machine].data_dir.join('sshkeyname')
+          sshkeyname_file.open('w') do |f|
+            f.write("#{sshkeypair['name']}")
+          end
+
+          @domain_config.keypair =  sshkeypair['name']
+        end
+
+        def store_password
+          password = nil
+          if @server.password_enabled and @server.respond_to?('job_id')
+            server_job_result = @env[:cloudstack_compute].query_async_job_result({:jobid => @server.job_id})
+            if server_job_result.nil?
+              @env[:ui].warn(' -- Failed to retrieve job_result for retrieving the password')
+              return
+            end
+
+            while true
+              server_job_result = @env[:cloudstack_compute].query_async_job_result({:jobid => @server.job_id})
+              if server_job_result['queryasyncjobresultresponse']['jobstatus'] != 0
+                password = server_job_result['queryasyncjobresultresponse']['jobresult']['virtualmachine']['password']
+                break
+              else
+                sleep 2
+              end
+            end
+
+            @env[:ui].info("Password of virtualmachine: #{password}")
+            # Set the password on the current communicator
+            @domain_config.vm_password = password
+
+            # Save password to file
+            vmcredentials_file = @env[:machine].data_dir.join('vmcredentials')
+            vmcredentials_file.open('w') do |f|
+              f.write("#{password}")
+            end
+          end
+        end
+
+        def store_volumes
+          volumes = @env[:cloudstack_compute].volumes.find_all { |f| f.server_id == @server.id }
+          # volumes refuses to be iterated directly, do it by index
+          (0...volumes.length).each do |idx|
+            unless volumes[idx].type == 'ROOT'
+              volumes_file = @env[:machine].data_dir.join('volumes')
+              volumes_file.open('a+') do |f|
+                f.write("#{volumes[idx].id}\n")
+              end
+            end
+          end
+        end
 
+        def store_firewall_rule(firewall_rule, type_string)
           unless firewall_rule.nil?
             # Save firewall rule id to the data dir so it can be released when the instance is destroyed
             firewall_file = @env[:machine].data_dir.join('firewall')
@@ -768,6 +810,73 @@ module VagrantPlugins
           end
         end
 
+        def store_port_forwarding_rules(port_forwarding_rule)
+          port_forwarding_file = @env[:machine].data_dir.join('port_forwarding')
+          port_forwarding_file.open('a+') do |f|
+            f.write("#{port_forwarding_rule['id']}\n")
+          end
+        end
+
+        def store_security_groups(security_group_object)
+          security_groups_file = @env[:machine].data_dir.join('security_groups')
+          security_groups_file.open('a+') do |f|
+            f.write("#{security_group_object.id}\n")
+          end
+          security_group_object
+        end
+
+        def wait_for_communicator_ready
+          @env[:metrics]['instance_ssh_time'] = Util::Timer.time do
+            # Wait for communicator to be ready.
+            communicator_short_name = get_communicator_short_name(@env[:machine].communicate)
+            @env[:ui].info(
+              I18n.t('vagrant_cloudstack.waiting_for_communicator',
+                     communicator: communicator_short_name.to_s.upcase)
+            )
+            while true
+              # If we're interrupted then just back out
+              break if @env[:interrupted]
+              break if @env[:machine].communicate.ready?
+              sleep 2
+            end
+          end
+          @logger.info("Time for SSH ready: #{@env[:metrics]['instance_ssh_time']}")
+        end
+
+        def wait_for_instance_ready
+          @env[:metrics]['instance_ready_time'] = Util::Timer.time do
+            tries = @domain_config.instance_ready_timeout / 2
+
+            @env[:ui].info(I18n.t('vagrant_cloudstack.waiting_for_ready'))
+            begin
+              retryable(:on => Fog::Errors::TimeoutError, :tries => tries) do
+                # If we're interrupted don't worry about waiting
+                next if @env[:interrupted]
+
+                # Wait for the server to be ready
+                @server.wait_for(2) { ready? }
+              end
+            rescue Fog::Errors::TimeoutError
+              # Delete the instance
+              terminate
+
+              # Notify the user
+              raise Errors::InstanceReadyTimeout,
+                    :timeout => @domain_config.instance_ready_timeout
+            end
+          end
+          @logger.info("Time to instance ready: #{@env[:metrics]['instance_ready_time']}")
+        end
+
+        def recover(env)
+          return if env['vagrant.error'].is_a?(Vagrant::Errors::VagrantError)
+
+          if env[:machine].provider.state.id != :not_created
+            # Undo the import
+            terminate
+          end
+        end
+
         def terminate
           destroy_env = @env.dup
           destroy_env.delete(:interrupted)