This PR introduces the initial implementation of Veeam integration support for KVM in CloudStack by adding a UHAPI-compatible server and image server components.
Veeam Backup & Replication interacts with virtualization platforms using its Universal Hypervisor API (UHAPI). To enable backup and restore workflows for CloudStack-managed KVM environments, this change introduces a UHAPI server that exposes CloudStack resources through a UHAPI-compatible interface.
In addition to the control plane APIs, an image server component is introduced to handle the data transfer operations required during backup and restore workflows.
The integration consists of two main components:
1. UHAPI Server (Control Plane) named CloudStack Veeam Control Service
A lightweight UHAPI server runs inside the CloudStack management server and exposes endpoints under:
/ovirt-engine
- /api - For APIs
- /sso - For authentication
- /services/pki-resource - For certificates
This server provides inventory discovery APIs required by Veeam and translates CloudStack resources into the structures expected by UHAPI.
The server:
- exposes infrastructure inventory
- handles authentication and session tokens
- maps CloudStack resources to UHAPI-compatible representations
2. Image Server (Data Plane) named CloudStack Image Service
A separate image server component is introduced to handle backup and restore data transfer operations.
This component:
- serves disk image data during backup
- receives image data during restore operations
- exposes endpoints used by Veeam worker components
- integrates with CloudStack storage to read and write VM disk data
The separation between both these components server ensures that:
- metadata APIs and control operations remain lightweight
- bulk image transfer operations are handled independently
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
Co-authored-by: Abhisar Sinha <63767682+abh1sar@users.noreply.github.com>
Co-authored-by: abh1sar <abhisar.sinha@gmail.com>
Co-authored-by: Wei Zhou <weizhou@apache.org>
After disabling 2FA via setupUserTwoFactorAuthentication, the API may
return is2faenabled as null or undefined rather than boolean false.
The strict equality check (=== false) prevented the "Setup 2FA" button
from appearing in those cases, making it impossible to re-enable 2FA.
Change the check to a falsy check (!record.is2faenabled) so the button
is shown whenever 2FA is not enabled, regardless of whether the value
is false, null, or undefined.
Fixes: https://github.com/apache/cloudstack/issues/13233
* 4.22:
VM Deployment using snapshot in new zone (#13178)
Change exception treatment on incremental snapshot wait (#12665)
Move checkRoleEscalation outside DB transaction in createAccount (#13044)
Fix/flasharray delete rename destroy patch conflict (#13049)
Fix VPC network offerings listing in isolated network creation form (#12645)
systemvm: accept ipv6 established/related return traffic (#13173)
update debian change log
Updating pom.xml version numbers for release 4.22.2.0-SNAPSHOT
Updating pom.xml version numbers for release 4.22.1.0
Update suse15 packaging spec, use qemu-ovmf-x86_64 package instead of edk2-ovmf for agent (#13133)
Change disk-only VM snapshot removal message (#11182)
Update mysql java connector version to 8.4.0 (matching version for MySQL 8.4) (#12640)
adaptive: honor user-provided capacityBytes when provider stats are unavailable (#13059)
Flexibilize public IP selection (#11076)
* 4.20:
Fix/flasharray delete rename destroy patch conflict (#13049)
Fix VPC network offerings listing in isolated network creation form (#12645)
Update mysql java connector version to 8.4.0 (matching version for MySQL 8.4) (#12640)
adaptive: honor user-provided capacityBytes when provider stats are unavailable (#13059)
Flexibilize public IP selection (#11076)
* Add support to clone existing offerings and update them
* add support for vpc & backup offerings to be cloned
* fix capability list and mapping of params
* Add support to clone network and vpc offering with the right parameters
* make fields non mandatory for clone offerings APIs
* Add UI support for cloning Compute and System Service offerings
* remove unnecessary changes
* fix license and pre-ccommit issues
* Add UI support to clone disk and network offering
* vpc & backup offering clone api
* add unit tests
* fix pre-commit checks
* increase test coverage
* combine add/clone disk/compute offering forms
* update license
* fix unit tests
* fix test failures
* fix test failure - unnecessary stubbings
* pre-commit check failure
* add recently added domain id for bkp offering to be inherited in clone operation
* extract common code wrt service capability in network & vpc offering in add/clone operations
* add some checks to prevent networkmode change when provider is nsx/netris from the source networkmode
* address copilot comments
* address comments
* combine check
* use appropriate zoneId during clone bkp offering
* add check
* fix issue with test
* remove unused imports
* prevent creating a bkp offering of a bkp repo that already exists
* extend clone disk and service offerings to domain admins
Adds a new request parameter for create/updateExtension API to allow
operator to provide detail names for the extension resources which will be reserved to be used by the extension. The end user won't be able to view or add details with these details names for the resource.
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
* API modifications for passwordchangerequired
* ui login flow for passwordchangerequired
* add passwordchangerequired in listUsers API response, it will be used in UI to render reset password form
* cleanup redundant LOGIN_SOURCE and limiting apis for first time login
* address copilot comments
* allow enforcing password change for all role types and update reset pwd flow for passwordchangerequired
* address review comments
* add unit tests
* cleanup ispasswordchangerequired from user_view
* address review comments
* 1. Allow enforcing password change while creating user
2. Admin can enforce password change on next login with out resetting password
* address review comment, add unit test
* improve code coverage
* fix pre-commit license issue
* 1. allow enter key to submit change password form
2. hide force password reset for disabled/locked user in ui
* 1. throw exception when force reset password is done for locked/disabled user/account
2. ui validation on current and new password being same
3. allow enforce change password for add user until saml is not enabled
* allow oauth login to skip force password change
Abhishek Kumar
Gabriel Pordeus Santos
dahn
Fabricio Duarte
Bernardo De Marco Gonçalves
Vishesh
Daman Arora
Erik Böck
Tonitzpp
João Jandre
Manoj Kumar
Suresh Kumar Anaparti
dahn
Henrique Sato
Harikrishna
Daan Hoogland
Abhisar Sinha
Nicolas Vazquez
John Bampton
Pearl Dsilva
Dheeraj Bansal
GaOrtiga
Andrei Mizurou