Commit Graph

738 Commits

Author SHA1 Message Date
Abhishek Kumar a1959f2dc2
backup: veeam kvm integration (#12991)
This PR introduces the initial implementation of Veeam integration support for KVM in CloudStack by adding a UHAPI-compatible server and image server components.

Veeam Backup & Replication interacts with virtualization platforms using its Universal Hypervisor API (UHAPI). To enable backup and restore workflows for CloudStack-managed KVM environments, this change introduces a UHAPI server that exposes CloudStack resources through a UHAPI-compatible interface.

In addition to the control plane APIs, an image server component is introduced to handle the data transfer operations required during backup and restore workflows.


The integration consists of two main components:

1. UHAPI Server (Control Plane) named CloudStack Veeam Control Service

A lightweight UHAPI server runs inside the CloudStack management server and exposes endpoints under:

/ovirt-engine
    - /api - For APIs
    - /sso - For authentication
    - /services/pki-resource - For certificates

This server provides inventory discovery APIs required by Veeam and translates CloudStack resources into the structures expected by UHAPI.

The server:

- exposes infrastructure inventory
- handles authentication and session tokens
- maps CloudStack resources to UHAPI-compatible representations


2. Image Server (Data Plane) named CloudStack Image Service

A separate image server component is introduced to handle backup and restore data transfer operations.

This component:

- serves disk image data during backup
- receives image data during restore operations
- exposes endpoints used by Veeam worker components
- integrates with CloudStack storage to read and write VM disk data

The separation between both these components server ensures that:

- metadata APIs and control operations remain lightweight
- bulk image transfer operations are handled independently

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
Co-authored-by: Abhisar Sinha <63767682+abh1sar@users.noreply.github.com>
Co-authored-by: abh1sar <abhisar.sinha@gmail.com>
Co-authored-by: Wei Zhou <weizhou@apache.org>
2026-06-08 08:47:00 +02:00
dahn b16340399b fix: show re-enable 2FA button when is2faenabled is null/undefined
After disabling 2FA via setupUserTwoFactorAuthentication, the API may
return is2faenabled as null or undefined rather than boolean false.
The strict equality check (=== false) prevented the "Setup 2FA" button
from appearing in those cases, making it impossible to re-enable 2FA.

Change the check to a falsy check (!record.is2faenabled) so the button
is shown whenever 2FA is not enabled, regardless of whether the value
is false, null, or undefined.

Fixes: https://github.com/apache/cloudstack/issues/13233
2026-05-26 14:59:07 +02:00
Fabricio Duarte 67b849f3ef Merge release branch 4.22 to main
* 4.22:
      VM Deployment using snapshot in new zone (#13178)
      Change exception treatment on incremental snapshot wait (#12665)
      Move checkRoleEscalation outside DB transaction in createAccount (#13044)
      Fix/flasharray delete rename destroy patch conflict (#13049)
      Fix VPC network offerings listing in isolated network creation form (#12645)
      systemvm: accept ipv6 established/related return traffic (#13173)
      update debian change log
      Updating pom.xml version numbers for release 4.22.2.0-SNAPSHOT
      Updating pom.xml version numbers for release 4.22.1.0
      Update suse15 packaging spec, use qemu-ovmf-x86_64 package instead of edk2-ovmf for agent (#13133)
      Change disk-only VM snapshot removal message (#11182)
      Update mysql java connector version to 8.4.0 (matching version for MySQL 8.4) (#12640)
      adaptive: honor user-provided capacityBytes when provider stats are unavailable (#13059)
      Flexibilize public IP selection (#11076)
2026-05-22 10:37:13 -03:00
Vishesh 1fe486f493
Add ROOT CAs to the trust store and allow force provisioning of certs hosts & systemVMs via ssh (#12911) 2026-05-21 13:19:13 +05:30
João Jandre 470e95964b
Change disk-only VM snapshot removal message (#11182)
* fix message

* check for hypervisor

* fix function being executed once
2026-05-11 15:17:23 +05:30
Manoj Kumar 72b99a3f8c
Make resource deletion safer with name confirmation (#13104)
* enable double confirmation in delete flow for resource

* address copilot comments
2026-05-08 10:56:50 +05:30
Bernardo De Marco Gonçalves 96ca1b2a7c
Add option to control MAC address reuse for VR public NICs (#13001) 2026-05-06 13:41:11 -03:00
Daan Hoogland 82bfa9fb3f Merge branch '4.22' 2026-04-14 14:50:44 +02:00
Daan Hoogland 1085da4ef8 Merge commit '19b4ef106931aa1d6a8fed06984009d86760e4de' into 4.22 2026-04-14 13:15:05 +02:00
Pearl Dsilva 3bd5410f9a
Add support to clone existing offerings and update them (#12357)
* Add support to clone existing offerings and update them

* add support for vpc & backup offerings to be cloned

* fix capability list and mapping of params

* Add support to clone network and vpc offering with the right parameters

* make fields non mandatory for clone offerings APIs

* Add UI support for cloning Compute and System Service offerings

* remove unnecessary changes

* fix license and pre-ccommit issues

* Add UI support to clone disk and network offering

* vpc & backup offering clone api

* add unit tests

* fix pre-commit checks

* increase test coverage

* combine add/clone disk/compute offering forms

* update license

* fix unit tests

* fix test failures

* fix test failure - unnecessary stubbings

* pre-commit check failure

* add recently added domain id for bkp offering to be inherited in clone operation

* extract common code wrt service capability in network & vpc offering in add/clone operations

* add some checks to prevent networkmode change when provider is nsx/netris from the source networkmode

* address copilot comments

* address comments

* combine check

* use appropriate zoneId during clone bkp offering

* add check

* fix issue with test

* remove unused imports

* prevent creating a bkp offering of a bkp repo that already exists

* extend clone disk and service offerings to domain admins
2026-03-17 12:01:43 +05:30
Nicolas Vazquez 93239e09f1
Add conserve mode for VPC offerings (#12487) 2026-03-16 09:39:42 +01:00
Daman Arora 8c579538f9
CKS: Allow affinity group selection during cluster creation (#12386)
Co-authored-by: Daman Arora <daman.arora@shapeblue.com>
2026-03-13 10:58:55 +01:00
GaOrtiga 7ad68aafa5
Enable defining a network as redundant during restart through the UI (#7405)
Co-authored-by: Gabriel <gabriel.fernandes@scclouds.com.br>
Co-authored-by: Suresh Kumar Anaparti <sureshkumar.anaparti@gmail.com>
2026-03-04 17:00:54 +01:00
Suresh Kumar Anaparti a8bd02f8ba
Merge branch '4.22' 2026-02-26 11:12:20 +05:30
Suresh Kumar Anaparti b74f21b967
Merge branch '4.20' into 4.22 2026-02-26 11:11:41 +05:30
Suresh Kumar Anaparti cf71938473
[UI] Allow change password for native users only. (#12584) 2026-02-23 12:39:55 +01:00
Abhishek Kumar 95816b44e9 extensions: allow reserved resource details
Adds a new request parameter for create/updateExtension API to allow
operator to provide detail names for the extension resources which will be reserved to be used by the extension. The end user won't be able to view or add details with these details names for the resource.

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
2026-02-22 18:08:03 +01:00
Manoj Kumar c79b33c1fb
Allow enforcing password change for a user after reset by admin (root/domain) (#12294)
* API modifications for passwordchangerequired

* ui login flow for passwordchangerequired

* add passwordchangerequired in listUsers API response, it will be used in UI to render reset password form

* cleanup redundant LOGIN_SOURCE and limiting apis for first time login

* address copilot comments

* allow enforcing password change for all role types and update reset pwd flow for passwordchangerequired

* address review comments

* add unit tests

* cleanup ispasswordchangerequired from user_view

* address review comments

* 1. Allow enforcing password change while creating user
2. Admin can enforce password change on next login with out resetting password

* address review comment, add unit test

* improve code coverage

* fix pre-commit license issue

* 1. allow enter key to submit change password form
2. hide force password reset for disabled/locked user in ui

* 1. throw exception when force reset password is done for locked/disabled user/account
2. ui validation on current and new password being same
3. allow enforce change password for add user until saml is not enabled

* allow oauth login to skip force password change
2026-02-16 16:01:42 +05:30
Suresh Kumar Anaparti a55f85af50
Merge branch '4.22' 2026-01-29 15:55:03 +05:30
Abhishek Kumar 10e0d42f45
ui: introduce section-level “advisories” with quick-fix actions (#11763)
* ui: introduce section-level “advisories” with quick-fix actions

This change adds a lightweight “advisories” mechanism to section configs and ships the first advisory to help operators satisfy some of the CKS prerequisites.

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix endpoint.url check

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* label consistency

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* Update ui/src/components/view/AdvisoriesView.vue

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* improvements

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* remove comments

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* allow disabling

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

---------

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-01-29 09:37:52 +02:00
Suresh Kumar Anaparti 65e9bebc69
Show parent snapshot (along with the chain size) for incremental snapshots (#12468)
* Show parent snapshot (along with the chain size) for incremental snapshots

* review

* review changes
2026-01-29 08:16:10 +02:00
Abhishek Kumar 9fc93af85f
ui: allow actions for other users of root admin (#11319)
Fixes #10306

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
2026-01-28 16:06:04 +02:00
Erik Böck cd2d71104e
Implement SSVM storage network IP to API response and GUI details tab (#11979)
* Implement SSVM storage network IP to API response and GUI details tab

* remove network mention from attribute name

* remove network from serialized name

* fix parameter name in the UI
2026-01-27 17:29:06 +05:30
Suresh Kumar Anaparti 4bcf3ea57d
Merge branch '4.22' 2026-01-26 12:46:54 +05:30
Suresh Kumar Anaparti 000919d6e5
Merge branch '4.20' into 4.22 2026-01-26 12:46:09 +05:30
Wei Zhou b5e9178078
UI: fix issues when deploy VNF applicance on network with SG (#12436) 2026-01-22 10:56:03 +01:00
Suresh Kumar Anaparti 420bf6dff8
Merge branch '4.22' 2026-01-22 13:24:08 +05:30
Suresh Kumar Anaparti b1f870ae83
Merge branch '4.20' into 4.22 2026-01-22 13:23:21 +05:30
Vitor Hugo Homem Marzarotto 2a6ce0c8a8
Adds url kubernetes iso (#10862)
Co-authored-by: Vitor Hugo Homem Marzarotto <vitor.marzarotto@scclouds.com.br>
Co-authored-by: Henrique Sato <henriquesato2003@gmail.com>
2026-01-20 08:10:42 +01:00
Pearl Dsilva 8b2f1f19c2
Support dedicating backup offerings to domains (#12194)
* Add support for dedicating backup offerings to domains

* Add tests and UI support and update response params

* add license header

* exclude backupofferingdetailsvo from sonar

* fix pre-commit checks - missing / extra EOF line

* add test

* EOF

* filter backup offerings by domain id

* add unit tests

* add more unit tests and remove response file from code coverage check

* update checks

* address review comments: extract common code, fix tests

* added bean definition

* address comments

* add unit tests to increase coverage

* pre-commit check failure fix

* address merge issue

* allow updating backup offering when only domain id is modified
2026-01-19 14:21:47 +05:30
Abhisar Sinha 002d9768b2
Add settings to mark cryptographic algorithms in vpn customer gateways as excluded or obsolete (#12193)
This PR introduces several configuration settings using which an operator can mark certain cryptographic algorithms and parameters as excluded or obsolete for VPN Customer Gateway creation for Site-to-Site VPN.

Cloud providers following modern security frameworks (e.g., ISO 27001/27017) are required to enforce and communicate approved cryptographic standards. CloudStack currently accepts several weak or deprecated algorithms without guidance to users. This PR closes that gap by giving operators explicit control over what is disallowed vs discouraged, improving security posture without breaking existing deployments.

These settings are:

1. vpn.customer.gateway.excluded.encryption.algorithms
2. vpn.customer.gateway.excluded.hashing.algorithms
3. vpn.customer.gateway.excluded.ike.versions
4. vpn.customer.gateway.excluded.dh.group
5. vpn.customer.gateway.obsolete.encryption.algorithms
6. vpn.customer.gateway.obsolete.hashing.algorithms
7. vpn.customer.gateway.obsolete.ike.versions
8. vpn.customer.gateway.obsolete.dh.group
2026-01-19 13:18:37 +05:30
Abhishek Kumar 538578366a Merge remote-tracking branch 'apache/4.22' 2026-01-13 11:49:07 +05:30
Abhishek Kumar 031fbf43d4 Merge remote-tracking branch 'apache/4.20' into 4.22 2026-01-13 11:48:05 +05:30
Suresh Kumar Anaparti 2b373a4659
[UI] Fix primary storage details display when the uuid has divergent pattern (#12307)
* [UI] Fix primary storage details display when the uuid has different pattern (eg. for pools with SolidFireShared provider)

* Fix on refresh

---------

Co-authored-by: vishesh92 <vishesh92@gmail.com>
2026-01-12 14:18:35 +05:30
Abhishek Kumar cd55796972
webhook: fixes, filter enhancement (#12023)
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
2026-01-05 09:12:06 +01:00
dahn 124fcde59c
unlink an ldap domain (#11962)
Co-authored-by: Daan Hoogland <dahn@apache.org>
Co-authored-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
Co-authored-by: Suresh Kumar Anaparti <sureshkumar.anaparti@gmail.com>
2025-12-17 13:04:06 +01:00
Abhishek Kumar 44119cf34f
ui: fix dsiple managementservermetricsresponse - agentcount (#12148)
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
2025-11-28 10:29:18 +01:00
Erik Böck 23fb0e2ccb
Update GUI Kubernetes logo (#11895) 2025-11-11 18:13:00 +01:00
Pearl Dsilva f4b6a74a94
Add support for CSI driver in CKS (#11419)
* Support creation of PV(persistent volumes) in CloudStack projects

* add support for snapshot APIs for project role

* Add support to setup csi driver on k8s cluster creation

* fix deploy script

* update response

* fix table name

* fix linter

* show if csi driver is setup in cluster

* delete pvs whose reclaim policy is delete when cluster is destroyed

* update ref

* move changes to 4.22

* fix variables

* fix eof
2025-10-15 11:03:47 +05:30
Vishesh 0ca267f516
Allow uploading of ISO for creating kubernetes supported versions (#9561) 2025-10-13 12:51:30 +02:00
Suresh Kumar Anaparti df49c4f14b
UI: Move Backup Repository to Infrastructure (from Configuration) (#11738)
* UI: Move Backup Repository to Infrastructure (from Configuration)

* Updated nas doc help link
2025-10-10 13:25:05 +05:30
Pearl Dsilva 973819dad6
API: Add support to list all snapshot policies & backup schedules (#11587)
* API: Add support to list all snapshot policies & backup schedules

* Add support for backup policy listing without tying it to the vmid

* add tests for snapshot policy listing

* update tests for listbackupschedules

* remove trailing spaces and fix lint failure

* Add upgrade test

* remove unused import

* add create policy - snap/backup in the list view with resource (volume/vm) selection

* add translations

* refresh parent list

* remove unnecessary alert info

* fix checks for UI backup schedule list view

* fix checks for UI backup schedule list view

* add back access checks

* add since param

* fix failing test

* update snapshot policy and backup schedule ownership when VM is moved

* fix issue with showing vm selection

* fix unit test failure

* Update list snappolicy & backup schedule logic to list only those that belong to a proj or for root admin those that belong to it, unless listall & projid is passed

* fix test

* support snap / backup policy search using keyword

* fix tests
2025-10-09 17:22:17 +05:30
Pearl Dsilva cd12fa5848
Add UUID field for LDAP configuration (#11462)
* Add UUID field for LDAP configuration

* move db changes to the lastest schema file

* Add ID param to list ldapConf API & delete ldapConf API

* fix ui test

* fix 1 ui test

* fix test

* fix api description

---------

Co-authored-by: dahn <daan@onecht.net>
2025-10-01 14:43:22 +02:00
Abhisar Sinha 23c9e83047
Create Instance from backup on another Zone (DRaaS use case) (#11560)
* draas initial changes

* Added option to enable disaster recovery on a backup respository. Added UpdateBackupRepositoryCmd api.

* Added timeout for mount operation in backup restore configurable via global setting

* Addressed review comments

* fix for simulator test failures

* Added UT for coverage

* Fix create instance from backup ui for other providers

* Added events to add/update backup repository

* Fix race in fetchZones

* One more fix in fetchZones in DeployVMFromBackup.vue

* Fix zone selection in createNetwork via Create Instance from backup form.

* Allow template/iso selection in create instance from backup ui

* rename draasenabled to crosszoneinstancecreation

* Added Cross-zone instance creation in test_backup_recovery_nas.py

* Added UT in BackupManagerTest and UserVmManagerImplTest

* Integration test added for Cross-zone instance creation in test_backup_recovery_nas.py
2025-09-25 13:28:29 +05:30
Abhishek Kumar 4884f52c90
ui: allow provisioning backups during instance deploy (#11612)
* ui: allow assigning backup offring during instance deploy

Add backup offering selection to Deploy VM wizard and assign selected backup offering to the VM after successful deployment. This enables users to choose a backup offering during VM creation, and the VM is automatically associated with the selected offering post-deployment.

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* changes for schedules

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* Update ui/public/locales/pt_BR.json

* Update ui/src/views/compute/wizard/DeployInstanceBackupSelection.vue

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* address review

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* fix

* allow only one schdeule per interval type

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* show message same internaltype schedule

* show backup step only when zone has offering

---------

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-09-23 14:51:42 +05:30
vishesh92 ada750e391
Merge branch '4.20' 2025-09-17 14:26:06 +05:30
Manoj Kumar 1948f90c2c
[UI] Fix group disable action for compute and disk offering (#11602) 2025-09-15 11:57:59 +02:00
Wei Zhou b46e29dc67
Improvement: SSL offloading with Virtual Router (#11468)
* SSL offloading with Virtual Router

* PR11468: fix pre-commit errors

* PR11468: api->getAPI/postAPI in UI

* SSL: add smoke tests for VPC in user project

* PR11468: address Daan's comments

* Fix test/integration/smoke/test_ssl_offloading.py

* SSL: remove ssl certificates when clean up account

* SSL offloading: add unit tests

* SSL offloading: UI fixes part 1

* SSL offloading: UI changes part 2

* SSL offloading: add more unit tests

* SSL offloading: more unit tests 3

* SSL offloading: wrong check

* SSL offloading: more and more unit tests

* SSL offloading: add testUpdateLoadBalancerRule5
2025-09-11 16:37:18 +05:30
Wei Zhou abe41add86
Merge remote-tracking branch 'apache/4.20' 2025-09-02 08:24:37 +02:00
Harikrishna 92e7593296
Use update offering APIs to disable compute and disk offerings (#11550) 2025-09-02 11:25:32 +05:30