diff --git a/exercise.sh b/exercise.sh
index dc8163f..f35adef 100755
--- a/exercise.sh
+++ b/exercise.sh
@@ -19,6 +19,9 @@ set -o xtrace
 # Settings
 # ========
 
+# Use stackrc and localrc for settings
+source ./stackrc
+
 HOST=${HOST:-localhost}
 
 # Nova original used project_id as the *account* that owned resources (servers,
@@ -33,7 +36,7 @@ export NOVA_PROJECT_ID=${TENANT:-demo}
 export NOVA_USERNAME=${USERNAME:-demo}
 
 # With Keystone you pass the keystone password instead of an api key.
-export NOVA_API_KEY=${PASSWORD:-secrete}
+export NOVA_API_KEY=${ADMIN_PASSWORD:-secrete}
 
 # With the addition of Keystone, to use an openstack cloud you should 
 # authenticate against keystone, which returns a **Token** and **Service 
@@ -82,6 +85,15 @@ glance -A $TOKEN index
 # Let's grab the id of the first AMI image to launch
 IMAGE=`glance -A $TOKEN index | egrep ami | cut -d" " -f1`
 
+# Security Groups
+# ---------------
+SECGROUP=test_secgroup
+
+# List of secgroups:
+nova secgroup-list
+
+# Create a secgroup
+nova secgroup-create $SECGROUP "test_secgroup description"
 
 # Flavors
 # -------
@@ -92,9 +104,9 @@ nova flavor-list
 # and grab the first flavor in the list to launch
 FLAVOR=`nova flavor-list | head -n 4 | tail -n 1 | cut -d"|" -f2`
 
-NAME="firstpost"
+NAME="myserver"
 
-nova boot --flavor $FLAVOR --image $IMAGE $NAME
+nova boot --flavor $FLAVOR --image $IMAGE $NAME --security_groups=$SECGROUP
 
 # let's give it 10 seconds to launch
 sleep 10
@@ -113,10 +125,47 @@ ping -c1 -w1 $IP || true
 sleep 5
 
 ping -c1 -w1 $IP 
+# allow icmp traffic
+nova secgroup-add-rule $SECGROUP icmp -1 -1 0.0.0.0/0
+
+# List rules for a secgroup
+nova secgroup-list-rules $SECGROUP
+
+# allocate a floating ip
+nova floating-ip-create
+
+# store  floating address
+FIP=`nova floating-ip-list | grep None | head -1 | cut -d '|' -f2 | sed 's/ //g'`
+
+# add floating ip to our server
+nova add-floating-ip $NAME $FIP
+
+# sleep for a smidge
+sleep 1
+
+# ping our fip
+ping -c1 -w1 $FIP
+
+# dis-allow icmp traffic
+nova secgroup-delete-rule $SECGROUP icmp -1 -1 0.0.0.0/0
+
+# sleep for a smidge
+sleep 1
+
+# ping our fip
+if ( ping -c1 -w1 $FIP); then
+    print "Security group failure - ping should not be allowed!"
+    exit 1
+fi
+
+# de-allocate the floating ip
+nova floating-ip-delete $FIP
 
 # shutdown the server
 nova delete $NAME
 
+# Delete a secgroup
+nova secgroup-delete $SECGROUP
+
 # FIXME: validate shutdown within 5 seconds 
 # (nova show $NAME returns 1 or status != ACTIVE)?
-
diff --git a/stack.sh b/stack.sh
index a953c9e..f603ce1 100755
--- a/stack.sh
+++ b/stack.sh
@@ -290,6 +290,13 @@ sudo PIP_DOWNLOAD_CACHE=/var/cache/pip pip install `cat $FILES/pips/*`
 # be owned by the installation user, we create the directory and change the
 # ownership to the proper user.
 function git_clone {
+    # if there is an existing checkout, move it out of the way
+    if [[ "$RECLONE" == "yes" ]]; then
+        if [ -d $2 ]; then
+            mv $2 /tmp/stack.`date +%s`
+        fi
+    fi
+
     if [ ! -d $2 ]; then
         sudo mkdir $2
         sudo chown `whoami` $2
@@ -297,13 +304,6 @@ function git_clone {
         cd $2
         # This checkout syntax works for both branches and tags
         git checkout $3
-    elif [[ "$RESET_BRANCHES" == "yes" ]]; then
-        cd $2
-        git remote set-url origin $1
-        git fetch origin
-        git checkout origin/$3
-        git branch -D $3
-        git checkout -b $3
     fi
 }
 
diff --git a/tools/build_lxc.sh b/tools/build_lxc.sh
index 580581b..df9e32e 100755
--- a/tools/build_lxc.sh
+++ b/tools/build_lxc.sh
@@ -125,6 +125,7 @@ fi
 # Make sure that base requirements are installed
 chroot $CACHEDIR apt-get update
 chroot $CACHEDIR apt-get install -y --force-yes `cat files/apts/* | cut -d\# -f1 | egrep -v "(rabbitmq|libvirt-bin|mysql-server)"`
+chroot $CACHEDIR apt-get install -y --download-only rabbitmq-server libvirt-bin mysql-server
 chroot $CACHEDIR pip install `cat files/pips/*`
 
 # Clean out code repos if directed to do so
@@ -137,10 +138,12 @@ mkdir -p $CACHEDIR/$DEST
 git_clone $NOVA_REPO $CACHEDIR/$DEST/nova $NOVA_BRANCH
 git_clone $GLANCE_REPO $CACHEDIR/$DEST/glance $GLANCE_BRANCH
 git_clone $KEYSTONE_REPO $CACHEDIR/$DESTkeystone $KEYSTONE_BRANCH
-git_clone $NOVNC_REPO $CACHEDIR/$DEST/novnc $NOVNC_BRANCH
+git_clone $NOVNC_REPO $CACHEDIR/$DEST/noVNC $NOVNC_BRANCH
 git_clone $DASH_REPO $CACHEDIR/$DEST/dash $DASH_BRANCH $DASH_TAG
 git_clone $NOVACLIENT_REPO $CACHEDIR/$DEST/python-novaclient $NOVACLIENT_BRANCH
 git_clone $OPENSTACKX_REPO $CACHEDIR/$DEST/openstackx $OPENSTACKX_BRANCH
+git_clone $KEYSTONE_REPO $CACHEDIR/$DEST/keystone $KEYSTONE_BRANCH
+git_clone $NOVNC_REPO $CACHEDIR/$DEST/novnc $NOVNC_BRANCH
 
 # Use this version of devstack?
 if [ "$USE_CURRENT_DEVSTACK" = "1" ]; then