This PR introduces several configuration settings using which an operator can mark certain cryptographic algorithms and parameters as excluded or obsolete for VPN Customer Gateway creation for Site-to-Site VPN.
Cloud providers following modern security frameworks (e.g., ISO 27001/27017) are required to enforce and communicate approved cryptographic standards. CloudStack currently accepts several weak or deprecated algorithms without guidance to users. This PR closes that gap by giving operators explicit control over what is disallowed vs discouraged, improving security posture without breaking existing deployments.
These settings are:
1. vpn.customer.gateway.excluded.encryption.algorithms
2. vpn.customer.gateway.excluded.hashing.algorithms
3. vpn.customer.gateway.excluded.ike.versions
4. vpn.customer.gateway.excluded.dh.group
5. vpn.customer.gateway.obsolete.encryption.algorithms
6. vpn.customer.gateway.obsolete.hashing.algorithms
7. vpn.customer.gateway.obsolete.ike.versions
8. vpn.customer.gateway.obsolete.dh.group
* pre-commit: add oxipng a lossless PNG compression optimizer
"Lossless compression is a data compression technique where the original data can be perfectly
reconstructed from the compressed data. In essence, no information is lost during compression
and decompression, making it ideal for situations where data integrity is critical"
https://en.wikipedia.org/wiki/Lossless_compressionhttps://github.com/oxipng/oxipnghttps://github.com/oxipng/oxipng?tab=readme-ov-file#git-integration-via-pre-commit
Ran pre-commit here locally and it compressed the images on first run.
So we have less data for some images with the same quality.
Less data means less to download etc and saves bandwidth.
* Fix up from code review
* Fix import VM tasks pagination
* Fix UI for pagination and proper listing
* Fixes and improvements
* Polish UI
* Restore config.json
* Fix state on parameter description
* Support creation of PV(persistent volumes) in CloudStack projects
* add support for snapshot APIs for project role
* Add support to setup csi driver on k8s cluster creation
* fix deploy script
* update response
* fix table name
* fix linter
* show if csi driver is setup in cluster
* delete pvs whose reclaim policy is delete when cluster is destroyed
* update ref
* move changes to 4.22
* fix variables
* fix eof
* add createCrossZoneInstnaceEnabled to BackupOfferingResponse
* show use IP Address from Backup button when orignal instance is expunged
* Fix NPE in takeBackup if the vm template is deleted.
* Add since to Cross zone instance creation in BackupOfferingResponse.java
Co-authored-by: Suresh Kumar Anaparti <sureshkumar.anaparti@gmail.com>
* Store and show Guest os type in the backup metadata
* show warning in create instance from backup form if guest os type is different
* show warning in create instance from backup form if guest os type is different
* backupvmexpunged -> isbackupvmexpunged
* review comments
* fix npe
* improve err msg
* err msg
---------
Co-authored-by: Suresh Kumar Anaparti <sureshkumar.anaparti@gmail.com>
* Add source VM name on virt-v2v migration log entries
* Improve the feedback by displaying the running importing tasks
* Add source VM name prefix on more conversion logs
* Improve listing and also list completed tasks
* Pass extra parameters to virt-v2v if administrator allows via global setting
* Add Force converting directly to storage pool option
* Refactor based on review comments
* Add properties for env vars for the instance conversion
* Add separate component for Import VM Tasks
* applying copilot suggestions from code review
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Fix importing unmanaged instances due to incorrect internal name
* Add VM prefix on each log operation for conversion
* Log the original VM name instead of the cloned VM in case of cloning
* Allow searching storage pool by UUID after conversion to support SharedMountPoint
* Fix search pools logic
* Improve UI and add checks for force convert to pool parameter
* Support Local storage when forceconverttopool is set to true
* Add config key to for allowed extra params and add validation
* Fix params lists
* Fix compile error
* Remove extra stubbings
* Fix extra params execution
---------
Co-authored-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Suresh Kumar Anaparti <sureshkumar.anaparti@gmail.com>
* API: Add support to list all snapshot policies & backup schedules
* Add support for backup policy listing without tying it to the vmid
* add tests for snapshot policy listing
* update tests for listbackupschedules
* remove trailing spaces and fix lint failure
* Add upgrade test
* remove unused import
* add create policy - snap/backup in the list view with resource (volume/vm) selection
* add translations
* refresh parent list
* remove unnecessary alert info
* fix checks for UI backup schedule list view
* fix checks for UI backup schedule list view
* add back access checks
* add since param
* fix failing test
* update snapshot policy and backup schedule ownership when VM is moved
* fix issue with showing vm selection
* fix unit test failure
* Update list snappolicy & backup schedule logic to list only those that belong to a proj or for root admin those that belong to it, unless listall & projid is passed
* fix test
* support snap / backup policy search using keyword
* fix tests
CS creates transient KVM domain.xml. When instance is unmanaged from CS, explicit dump of domain has to be taken to manage is outside of CS.
With this PR
domainXML gets backed up and becomes persistent for further management of Instance.
Stopped instance also can be unmanaged, last host for instance is considered for defining domain
hostid param is supported in unmanageVirtualMachine API for KVM hypervisor and for stopped Instances
hostid field in response of unmanageVirtualMachine, representing host used for unmanage operation
Disable unmanaging instance with config drive, can unmanage from API using forced=true param for KVM
* draas initial changes
* Added option to enable disaster recovery on a backup respository. Added UpdateBackupRepositoryCmd api.
* Added timeout for mount operation in backup restore configurable via global setting
* Addressed review comments
* fix for simulator test failures
* Added UT for coverage
* Fix create instance from backup ui for other providers
* Added events to add/update backup repository
* Fix race in fetchZones
* One more fix in fetchZones in DeployVMFromBackup.vue
* Fix zone selection in createNetwork via Create Instance from backup form.
* Allow template/iso selection in create instance from backup ui
* rename draasenabled to crosszoneinstancecreation
* Added Cross-zone instance creation in test_backup_recovery_nas.py
* Added UT in BackupManagerTest and UserVmManagerImplTest
* Integration test added for Cross-zone instance creation in test_backup_recovery_nas.py
* ui: allow assigning backup offring during instance deploy
Add backup offering selection to Deploy VM wizard and assign selected backup offering to the VM after successful deployment. This enables users to choose a backup offering during VM creation, and the VM is automatically associated with the selected offering post-deployment.
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
* changes for schedules
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
* fix
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
* fix
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
* Update ui/public/locales/pt_BR.json
* Update ui/src/views/compute/wizard/DeployInstanceBackupSelection.vue
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* address review
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
* fix
* allow only one schdeule per interval type
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
* show message same internaltype schedule
* show backup step only when zone has offering
---------
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* api,server,ui: allow listing events by state
This change allows listing events by a particular state - Created, Scheduled, Started, Completed.
A new parameter - state has been added to the listEvents API and corresponding changes have been added in the UI.
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
* Update api/src/main/java/org/apache/cloudstack/api/command/user/event/ListEventsCmd.java
---------
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
Co-authored-by: Suresh Kumar Anaparti <sureshkumar.anaparti@gmail.com>
This feature adds the ability to create a new instance from a VM backup for dummy, NAS and Veeam backup providers. It works even if the original instance used to create the backup was expunged or unmanaged. There are two parts to this functionality:
Saving all configuration details that the VM had at the time of taking the backup. And using them to create an instance from backup.
Enabling a user to expunge/unmanage an instance that has backups.
This PR allows attaching of GPU devices via PCI, mdev or VF to an Instance for KVM.
It allows the operator to discover the GPU devices on the KVM host and create a Compute Offering with GPU support based on the available GPU devices on the host. Once the operator has created the Compute offering, it can be used by users to launch Instances with GPU devices.
The Extensions Framework in Apache CloudStack is designed to provide a flexible and standardised mechanism for integrating external systems and custom workflows into CloudStack’s orchestration process. By defining structured hook points during key operations—such as virtual machine deployment, resource preparation, and lifecycle events—the framework allows administrators and developers to extend CloudStack’s behaviour without modifying its core codebase.
The Netris Plugin introduces Netris as a network service provider in CloudStack to be able to create and manage Virtual Private Clouds (VPCs) in CloudStack, being able to orchestrate the following network functionalities:
- Network segmentation with Netris-VXLAN isolation method
- Routing between "public" IP and network segments with an ACS ROUTED mode offering
- SourceNAT, DNAT, 1:1 NAT between "public" IP and network segments with an ACS NATTED mode offering
- Routing between VPC network segments (tiers in ACS nomenclature)
- Access Lists (ACLs) between VPC tiers and "public" network (TCP, UDP, ICMP) both as global egress rules and "public" IP specific ingress rules.
- ACLs between VPC network tiers (TCP, UDP, ICMP)
- External load balancing – between VPC network tiers and "public" IP
- Internal load balancing – between VPC network tiers
- CloudStack Virtual Router services (DHCP, DNS, UserData, Password Injection, etc…)
* Replace ACL list with ACL and related changes to the json files in public/locales
* Replace ACL list with ACL and related changes to network.js, VpcTab.vue and AclRulesTab.vue
* Replace Export ACLs with Export ACL rules
* standardize the term user data everywhere. fix the placeholder in register user data form.
* Convert resource names in main menu and action buttons to Title case
* Use special icon for sharedfs instance and prefix for sharedfs volumes
* Give custom icon precedence over shared fs icon
* Fixed some issues with public/locale files
* Revert sharedfsvm changes
* Added label.add.acl.name to en.json which was incorrectly removed
* replace all *userdata* labels to *user.data* in public json files.
* remove redundant labels label.user.data.l2 and label.replace.acl.list
* Update ui/src/views/offering/AddNetworkOffering.vue
Co-authored-by: Suresh Kumar Anaparti <sureshkumar.anaparti@gmail.com>
* user data -> User Data in cmd and response
* fix more Title case on action buttons and labels.
---------
Co-authored-by: Suresh Kumar Anaparti <sureshkumar.anaparti@gmail.com>
* UI: Login to a specific Project view
* Fix project icon
* Add the option to display project on login on the config.json file
---------
Co-authored-by: Pearl Dsilva <pearl1594@gmail.com>
Suresh Kumar Anaparti
Vitor Hugo Homem Marzarotto
Abhisar Sinha
Abhishek Kumar
dahn
Daan Hoogland
Manoj Kumar
John Bampton
Wei Zhou
Nicolas Vazquez
Pearl Dsilva
Vishesh
Henrique Sato
Oleg Chuev 👋
slavkap
Vishesh
Harikrishna