From 2eae0f5385fb76eb9d554e5460ef1da56936579b Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Wed, 19 May 2021 13:00:17 +0530
Subject: [PATCH 1/5] SystemVM: Set agent state to disconnected on Stopping the
 systemVM (#5010)

Fixes: #4972
This PR sets systevms' agent state to disconnected when it is stopped. Currently, when a systemVM (Console Proxy VM / Secondary storage VM) is stopped, the agent state still appears to be 'Up'
---
 api/src/main/java/com/cloud/host/Status.java             | 3 +++
 api/src/main/java/com/cloud/vm/VirtualMachine.java       | 3 +++
 .../java/com/cloud/vm/VirtualMachineManagerImpl.java     | 9 +++++++++
 .../src/main/java/com/cloud/api/ApiResponseHelper.java   | 2 +-
 4 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/api/src/main/java/com/cloud/host/Status.java b/api/src/main/java/com/cloud/host/Status.java
index e381115db41..5dc82bbfaef 100644
--- a/api/src/main/java/com/cloud/host/Status.java
+++ b/api/src/main/java/com/cloud/host/Status.java
@@ -131,6 +131,9 @@ public enum Status {
         s_fsm.addTransition(Status.Up, Event.PingTimeout, Status.Alert);
         s_fsm.addTransition(Status.Up, Event.AgentDisconnected, Status.Alert);
         s_fsm.addTransition(Status.Up, Event.ShutdownRequested, Status.Disconnected);
+        s_fsm.addTransition(Status.Disconnected, Event.ShutdownRequested, Status.Disconnected);
+        s_fsm.addTransition(Status.Down, Event.ShutdownRequested, Status.Disconnected);
+        s_fsm.addTransition(Status.Rebalancing, Event.ShutdownRequested, Status.Disconnected);
         s_fsm.addTransition(Status.Up, Event.HostDown, Status.Down);
         s_fsm.addTransition(Status.Up, Event.Ping, Status.Up);
         s_fsm.addTransition(Status.Up, Event.AgentConnected, Status.Connecting);
diff --git a/api/src/main/java/com/cloud/vm/VirtualMachine.java b/api/src/main/java/com/cloud/vm/VirtualMachine.java
index 4d6014f0a94..829e743df73 100644
--- a/api/src/main/java/com/cloud/vm/VirtualMachine.java
+++ b/api/src/main/java/com/cloud/vm/VirtualMachine.java
@@ -20,6 +20,8 @@ import java.util.Arrays;
 import java.util.Date;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
+import java.util.HashSet;
 
 import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.api.Displayable;
@@ -186,6 +188,7 @@ public interface VirtualMachine extends RunningOn, ControlledEntity, Partition,
         }
     }
 
+    static final Set<Type> systemVMs = new HashSet<>(Arrays.asList(VirtualMachine.Type.ConsoleProxy, VirtualMachine.Type.SecondaryStorageVm));
     static final String IsDynamicScalingEnabled = "enable.dynamic.scaling";
 
     public enum Event {
diff --git a/engine/orchestration/src/main/java/com/cloud/vm/VirtualMachineManagerImpl.java b/engine/orchestration/src/main/java/com/cloud/vm/VirtualMachineManagerImpl.java
index 28f875366d1..6dde706a5a3 100755
--- a/engine/orchestration/src/main/java/com/cloud/vm/VirtualMachineManagerImpl.java
+++ b/engine/orchestration/src/main/java/com/cloud/vm/VirtualMachineManagerImpl.java
@@ -40,6 +40,7 @@ import java.util.concurrent.TimeUnit;
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
+import com.cloud.api.ApiDBUtils;
 import org.apache.cloudstack.affinity.dao.AffinityGroupVMMapDao;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.command.admin.vm.MigrateVMCmd;
@@ -1984,6 +1985,14 @@ public class VirtualMachineManagerImpl extends ManagerBase implements VirtualMac
                     s_logger.warn("Unable to actually stop " + vm + " but continue with release because it's a force stop");
                     vmGuru.finalizeStop(profile, answer);
                 }
+            } else {
+                if (VirtualMachine.systemVMs.contains(vm.getType())) {
+                    HostVO systemVmHost = ApiDBUtils.findHostByTypeNameAndZoneId(vm.getDataCenterId(), vm.getHostName(),
+                            VirtualMachine.Type.SecondaryStorageVm.equals(vm.getType()) ? Host.Type.SecondaryStorageVM : Host.Type.ConsoleProxy);
+                    if (systemVmHost != null) {
+                        _agentMgr.agentStatusTransitTo(systemVmHost, Status.Event.ShutdownRequested, _nodeId);
+                    }
+                }
             }
         }
 
diff --git a/server/src/main/java/com/cloud/api/ApiResponseHelper.java b/server/src/main/java/com/cloud/api/ApiResponseHelper.java
index a7da96a8241..0bbc0227f1f 100644
--- a/server/src/main/java/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/main/java/com/cloud/api/ApiResponseHelper.java
@@ -1450,7 +1450,7 @@ public class ApiResponseHelper implements ResponseGenerator {
                 }
             }
 
-            if (vm.getType() == Type.SecondaryStorageVm || vm.getType() == Type.ConsoleProxy) {
+            if (VirtualMachine.systemVMs.contains(vm.getType())) {
                 Host systemVmHost = ApiDBUtils.findHostByTypeNameAndZoneId(vm.getDataCenterId(), vm.getHostName(),
                         Type.SecondaryStorageVm.equals(vm.getType()) ? Host.Type.SecondaryStorageVM : Host.Type.ConsoleProxy);
                 if (systemVmHost != null) {

From 5f734f718eb80cfccc83604892b20ec6068e6589 Mon Sep 17 00:00:00 2001
From: Spaceman1984 <49917670+Spaceman1984@users.noreply.github.com>
Date: Wed, 19 May 2021 11:03:16 +0200
Subject: [PATCH 2/5] vmware: Disk controller vmware deploy as is (#5006)

Fixes #4344
---
 .../vmware/resource/VmwareResource.java       | 46 ++-----------------
 .../java/com/cloud/vm/UserVmManagerImpl.java  |  7 +++
 ui/src/components/view/DetailSettings.vue     | 11 +++--
 3 files changed, 18 insertions(+), 46 deletions(-)

diff --git a/plugins/hypervisors/vmware/src/main/java/com/cloud/hypervisor/vmware/resource/VmwareResource.java b/plugins/hypervisors/vmware/src/main/java/com/cloud/hypervisor/vmware/resource/VmwareResource.java
index b5bfa9800fa..4702dcee5d9 100644
--- a/plugins/hypervisors/vmware/src/main/java/com/cloud/hypervisor/vmware/resource/VmwareResource.java
+++ b/plugins/hypervisors/vmware/src/main/java/com/cloud/hypervisor/vmware/resource/VmwareResource.java
@@ -2067,9 +2067,7 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
                 }
 
                 VirtualMachineDiskInfo matchingExistingDisk = getMatchingExistingDisk(diskInfoBuilder, vol, hyperHost, context);
-                controllerKey = getDiskController(matchingExistingDisk, vol, vmSpec, ideControllerKey, scsiControllerKey);
-                String diskController = getDiskController(vmMo, matchingExistingDisk, vol, controllerInfo);
-
+                String diskController = getDiskController(vmMo, matchingExistingDisk, vol, controllerInfo, deployAsIs);
                 if (DiskControllerType.getType(diskController) == DiskControllerType.osdefault) {
                     diskController = vmMo.getRecommendedDiskController(null);
                 }
@@ -3273,47 +3271,9 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
         return null;
     }
 
-    private int getDiskController(VirtualMachineDiskInfo matchingExistingDisk, DiskTO vol, VirtualMachineTO vmSpec, int ideControllerKey, int scsiControllerKey) {
-
-        int controllerKey;
-        if (matchingExistingDisk != null) {
-            s_logger.info("Chose disk controller based on existing information: " + matchingExistingDisk.getDiskDeviceBusName());
-            if (matchingExistingDisk.getDiskDeviceBusName().startsWith("ide"))
-                return ideControllerKey;
-            else
-                return scsiControllerKey;
-        }
-
-        if (vol.getType() == Volume.Type.ROOT) {
-            Map<String, String> vmDetails = vmSpec.getDetails();
-            if (vmDetails != null && vmDetails.get(VmDetailConstants.ROOT_DISK_CONTROLLER) != null) {
-                if (vmDetails.get(VmDetailConstants.ROOT_DISK_CONTROLLER).equalsIgnoreCase("scsi")) {
-                    s_logger.info("Chose disk controller for vol " + vol.getType() + " -> scsi, based on root disk controller settings: "
-                            + vmDetails.get(VmDetailConstants.ROOT_DISK_CONTROLLER));
-                    controllerKey = scsiControllerKey;
-                } else {
-                    s_logger.info("Chose disk controller for vol " + vol.getType() + " -> ide, based on root disk controller settings: "
-                            + vmDetails.get(VmDetailConstants.ROOT_DISK_CONTROLLER));
-                    controllerKey = ideControllerKey;
-                }
-            } else {
-                s_logger.info("Chose disk controller for vol " + vol.getType() + " -> scsi. due to null root disk controller setting");
-                controllerKey = scsiControllerKey;
-            }
-
-        } else {
-            // DATA volume always use SCSI device
-            s_logger.info("Chose disk controller for vol " + vol.getType() + " -> scsi");
-            controllerKey = scsiControllerKey;
-        }
-
-        return controllerKey;
-    }
-
-    private String getDiskController(VirtualMachineMO vmMo, VirtualMachineDiskInfo matchingExistingDisk, DiskTO vol, Pair<String, String> controllerInfo) throws Exception {
-        int controllerKey;
+    private String getDiskController(VirtualMachineMO vmMo, VirtualMachineDiskInfo matchingExistingDisk, DiskTO vol, Pair<String, String> controllerInfo, boolean deployAsIs) throws Exception {
         DiskControllerType controllerType = DiskControllerType.none;
-        if (matchingExistingDisk != null) {
+        if (deployAsIs && matchingExistingDisk != null) {
             String currentBusName = matchingExistingDisk.getDiskDeviceBusName();
             if (currentBusName != null) {
                 s_logger.info("Chose disk controller based on existing information: " + currentBusName);
diff --git a/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java b/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java
index b4ef74f92f5..0784d50a60e 100644
--- a/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java
@@ -2521,6 +2521,13 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
         String extraConfig = cmd.getExtraConfig();
 
         UserVmVO vmInstance = _vmDao.findById(cmd.getId());
+        if (MapUtils.isNotEmpty(details) || cmd.isCleanupDetails()) {
+            VMTemplateVO template = _templateDao.findById(vmInstance.getTemplateId());
+            if (template != null && template.isDeployAsIs()) {
+                throw new CloudRuntimeException("Detail settings are read from OVA, it cannot be changed by API call.");
+            }
+        }
+
         long accountId = vmInstance.getAccountId();
 
         if (isDisplayVm != null && isDisplayVm != vmInstance.isDisplay()) {
diff --git a/ui/src/components/view/DetailSettings.vue b/ui/src/components/view/DetailSettings.vue
index 9bb72fffca4..2571bed9e65 100644
--- a/ui/src/components/view/DetailSettings.vue
+++ b/ui/src/components/view/DetailSettings.vue
@@ -80,11 +80,12 @@
           slot="actions"
           v-if="!disableSettings && 'updateTemplate' in $store.getters.apis &&
             'updateVirtualMachine' in $store.getters.apis && isAdminOrOwner() && allowEditOfDetail(item.name)">
-          <tootip-button :tooltip="$t('label.cancel')" @click="hideEditDetail(index)" v-if="item.edit" iconType="close-circle" iconTwoToneColor="#f5222d" />
-          <tootip-button :tooltip="$t('label.ok')" @click="updateDetail(index)" v-if="item.edit" iconType="check-circle" iconTwoToneColor="#52c41a" />
+          <tooltip-button :tooltip="$t('label.cancel')" @click="hideEditDetail(index)" v-if="item.edit" iconType="close-circle" iconTwoToneColor="#f5222d" />
+          <tooltip-button :tooltip="$t('label.ok')" @click="updateDetail(index)" v-if="item.edit" iconType="check-circle" iconTwoToneColor="#52c41a" />
           <tooltip-button
             :tooltip="$t('label.edit')"
             icon="edit"
+            :disabled="deployasistemplate === true"
             v-if="!item.edit"
             @click="showEditDetail(index)" />
         </div>
@@ -99,7 +100,7 @@
             :cancelText="$t('label.no')"
             placement="left"
           >
-            <tooltip-button :tooltip="$t('label.delete')" type="danger" icon="delete" />
+            <tooltip-button :tooltip="$t('label.delete')" :disabled="deployasistemplate === true" type="danger" icon="delete" />
           </a-popconfirm>
         </div>
       </a-list-item>
@@ -130,6 +131,7 @@ export default {
       newValue: '',
       loading: false,
       resourceType: 'UserVm',
+      deployasistemplate: false,
       error: false
     }
   },
@@ -163,6 +165,9 @@ export default {
         this.detailOptions = json.listdetailoptionsresponse.detailoptions.details
       })
       this.disableSettings = (this.$route.meta.name === 'vm' && this.resource.state !== 'Stopped')
+      api('listTemplates', { templatefilter: 'all', id: this.resource.templateid }).then(json => {
+        this.deployasistemplate = json.listtemplatesresponse.template[0].deployasis
+      })
     },
     filterOrReadOnlyDetails () {
       for (var i = 0; i < this.details.length; i++) {

From 5cbc1d9b18353b71f79fd208f00340df58a5c856 Mon Sep 17 00:00:00 2001
From: Spaceman1984 <49917670+Spaceman1984@users.noreply.github.com>
Date: Fri, 21 May 2021 11:45:24 +0200
Subject: [PATCH 3/5] Fixed invalid ostypeid when not using deployasis (#5033)

---
 .../command/user/template/GetUploadParamsForTemplateCmd.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/template/GetUploadParamsForTemplateCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/template/GetUploadParamsForTemplateCmd.java
index 2fafe933968..6dbaddb4d4f 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/template/GetUploadParamsForTemplateCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/template/GetUploadParamsForTemplateCmd.java
@@ -183,7 +183,7 @@ public class GetUploadParamsForTemplateCmd extends AbstractGetUploadParamsCmd {
         if (!hypervisor.equalsIgnoreCase(Hypervisor.HypervisorType.VMware.toString()) && osTypeId == null) {
             throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Missing parameter ostypeid");
         }
-        if (hypervisor.equalsIgnoreCase(Hypervisor.HypervisorType.VMware.toString()) && osTypeId != null) {
+        if (hypervisor.equalsIgnoreCase(Hypervisor.HypervisorType.VMware.toString()) && deployAsIs && osTypeId != null) {
             throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Invalid parameter ostypeid, not applicable for VMware");
         }
     }

From c6ba3d1bea7ab0123b35551376fd858a2016bce2 Mon Sep 17 00:00:00 2001
From: Wei Zhou <57355700+weizhouapache@users.noreply.github.com>
Date: Fri, 21 May 2021 11:45:54 +0200
Subject: [PATCH 4/5] ui: Make 'ACL' field as mandatory and add warning message
 for default_allow and default_deny (#5003)

Co-authored-by: Wei Zhou <weizhouapache@gmail.com>
---
 ui/public/locales/en.json            |  2 ++
 ui/src/views/network/VpcTab.vue      |  2 +-
 ui/src/views/network/VpcTiersTab.vue | 26 +++++++++++++++++++-------
 3 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json
index 8115739da8d..15d90bc0ae5 100644
--- a/ui/public/locales/en.json
+++ b/ui/public/locales/en.json
@@ -2953,6 +2953,8 @@
 "message.move.acl.order.failed": "Failed to move ACL rule",
 "message.move.acl.order.processing": "Moving ACL rule...",
 "message.ncc.delete.confirm": "Please confirm you want to delete this NCC",
+"message.network.acl.default.allow": "Warning: With this policy all traffic will be allowed through the firewall to this VPC tier. You should consider securing your network.",
+"message.network.acl.default.deny": "Warning: With this policy all traffic will be denied through the firewall to this VPC tier. In order to allow traffic through you will need to change policies.",
 "message.network.addvm.desc": "Please specify the network that you would like to add this VM to. A new NIC will be added for this network.",
 "message.network.addvmnic": "Please confirm that you would like to add a new VM NIC for this network.",
 "message.network.description": "Setup network and traffic",
diff --git a/ui/src/views/network/VpcTab.vue b/ui/src/views/network/VpcTab.vue
index a4ecb49e36b..ae349590b93 100644
--- a/ui/src/views/network/VpcTab.vue
+++ b/ui/src/views/network/VpcTab.vue
@@ -176,7 +176,7 @@
               <a-form-item :label="$t('label.aclid')">
                 <a-select v-decorator="['acl']">
                   <a-select-option v-for="item in networkAcls" :key="item.id" :value="item.id">
-                    {{ item.name }}
+                    <strong>{{ item.name }}</strong> ({{ item.description }})
                   </a-select-option>
                 </a-select>
               </a-form-item>
diff --git a/ui/src/views/network/VpcTiersTab.vue b/ui/src/views/network/VpcTiersTab.vue
index 8db3954e614..ffa4477be89 100644
--- a/ui/src/views/network/VpcTiersTab.vue
+++ b/ui/src/views/network/VpcTiersTab.vue
@@ -190,12 +190,20 @@
               v-decorator="['externalId']"></a-input>
           </a-form-item>
           <a-form-item :label="$t('label.aclid')">
-            <a-select v-decorator="['acl']">
+            <a-select
+              v-decorator="['acl',{rules: [{ required: true, message: `${$t('label.required')}` }]}]"
+              @change="val => { this.handleNetworkAclChange(val) }">
               <a-select-option v-for="item in networkAclList" :key="item.id" :value="item.id">
-                {{ item.name }}
+                <strong>{{ item.name }}</strong> ({{ item.description }})
               </a-select-option>
             </a-select>
           </a-form-item>
+          <a-alert v-if="this.selectedNetworkAcl.name==='default_allow'" type="warning" show-icon>
+            <span slot="message" v-html="$t('message.network.acl.default.allow')" />
+          </a-alert>
+          <a-alert v-else-if="this.selectedNetworkAcl.name==='default_deny'" type="warning" show-icon>
+            <span slot="message" v-html="$t('message.network.acl.default.deny')" />
+          </a-alert>
         </a-form>
       </a-spin>
     </a-modal>
@@ -279,6 +287,7 @@ export default {
       showAddInternalLB: false,
       networkOfferings: [],
       networkAclList: [],
+      selectedNetworkAcl: {},
       modalLoading: false,
       internalLB: {},
       LBPublicIPs: {},
@@ -412,11 +421,7 @@ export default {
       this.modalLoading = true
       api('listNetworkACLLists', { vpcid: this.resource.id }).then(json => {
         this.networkAclList = json.listnetworkacllistsresponse.networkacllist || []
-        this.$nextTick(function () {
-          this.form.setFieldsValue({
-            acl: this.networkAclList[0].id
-          })
-        })
+        this.handleNetworkAclChange(null)
       }).catch(error => {
         this.$notifyError(error)
       }).finally(() => {
@@ -519,6 +524,13 @@ export default {
         this.fetchLoading = false
       })
     },
+    handleNetworkAclChange (aclId) {
+      if (aclId) {
+        this.selectedNetworkAcl = this.networkAclList.filter(acl => acl.id === aclId)[0]
+      } else {
+        this.selectedNetworkAcl = {}
+      }
+    },
     closeModal () {
       this.$emit('close-action')
     },

From d47e2733299a77f0e3aa90c0eb23da06e1efd376 Mon Sep 17 00:00:00 2001
From: slavkap <51903378+slavkap@users.noreply.github.com>
Date: Fri, 21 May 2021 12:49:04 +0300
Subject: [PATCH 5/5] server: Prevent NPE if hypervisor's capabilities are null
 (#5029)

If the hypervisor's capabilities are null, CloudRuntimeException will be thrown;
Format the error message.
---
 .../java/com/cloud/vm/UserVmManagerImpl.java  | 22 +++++++------------
 1 file changed, 8 insertions(+), 14 deletions(-)

diff --git a/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java b/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java
index 0784d50a60e..edbc458d523 100644
--- a/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java
@@ -6201,22 +6201,16 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
 
         HypervisorCapabilitiesVO capabilities = _hypervisorCapabilitiesDao.findByHypervisorTypeAndVersion(srcHost.getHypervisorType(), srcHost.getHypervisorVersion());
 
-        if (capabilities == null && HypervisorType.KVM.equals(srcHost.getHypervisorType())) {
+        if (capabilities == null) {
+            if (!HypervisorType.KVM.equals(srcHost.getHypervisorType())) {
+                throw new CloudRuntimeException(String.format("Cannot migrate VM with storage, as the capabilities are not found for the hypervisor %s with version %s", srcHost.getHypervisorType(), srcHost.getHypervisorVersion()));
+            }
             List<HypervisorCapabilitiesVO> lstHypervisorCapabilities = _hypervisorCapabilitiesDao.listAllByHypervisorType(HypervisorType.KVM);
 
-            if (lstHypervisorCapabilities != null) {
-                for (HypervisorCapabilitiesVO hypervisorCapabilities : lstHypervisorCapabilities) {
-                    if (hypervisorCapabilities.isStorageMotionSupported()) {
-                        capabilities = hypervisorCapabilities;
-
-                        break;
-                    }
-                }
-            }
-        }
-
-        if (!capabilities.isStorageMotionSupported()) {
-            throw new CloudRuntimeException("Migration with storage isn't supported on hypervisor " + srcHost.getHypervisorType() + " of version " + srcHost.getHypervisorVersion());
+            capabilities = lstHypervisorCapabilities.stream().filter(hvCapabilities -> hvCapabilities.isStorageMotionSupported()).findAny()
+            .orElseThrow(() -> new CloudRuntimeException(String.format("Cannot migrate VM with storage, as the capabilities are not found for the hypervisor %s with version %s", srcHost.getHypervisorType(), srcHost.getHypervisorVersion())));
+        } else if (!capabilities.isStorageMotionSupported()) {
+            throw new CloudRuntimeException(String.format("Migration with storage isn't supported on hypervisor %s of version %s", srcHost.getHypervisorType(), srcHost.getHypervisorVersion()));
         }
 
         // Check if destination host is up.