This PR introduces the initial implementation of Veeam integration support for KVM in CloudStack by adding a UHAPI-compatible server and image server components.
Veeam Backup & Replication interacts with virtualization platforms using its Universal Hypervisor API (UHAPI). To enable backup and restore workflows for CloudStack-managed KVM environments, this change introduces a UHAPI server that exposes CloudStack resources through a UHAPI-compatible interface.
In addition to the control plane APIs, an image server component is introduced to handle the data transfer operations required during backup and restore workflows.
The integration consists of two main components:
1. UHAPI Server (Control Plane) named CloudStack Veeam Control Service
A lightweight UHAPI server runs inside the CloudStack management server and exposes endpoints under:
/ovirt-engine
- /api - For APIs
- /sso - For authentication
- /services/pki-resource - For certificates
This server provides inventory discovery APIs required by Veeam and translates CloudStack resources into the structures expected by UHAPI.
The server:
- exposes infrastructure inventory
- handles authentication and session tokens
- maps CloudStack resources to UHAPI-compatible representations
2. Image Server (Data Plane) named CloudStack Image Service
A separate image server component is introduced to handle backup and restore data transfer operations.
This component:
- serves disk image data during backup
- receives image data during restore operations
- exposes endpoints used by Veeam worker components
- integrates with CloudStack storage to read and write VM disk data
The separation between these two components ensures that:
- metadata APIs and control operations remain lightweight
- bulk image transfer operations are handled independently
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
Co-authored-by: Abhisar Sinha <63767682+abh1sar@users.noreply.github.com>
Co-authored-by: abh1sar <abhisar.sinha@gmail.com>
Co-authored-by: Wei Zhou <weizhou@apache.org>
* Add support to clone existing offerings and update them
* add support for vpc & backup offerings to be cloned
* fix capability list and mapping of params
* Add support to clone network and vpc offering with the right parameters
* make fields non mandatory for clone offerings APIs
* Add UI support for cloning Compute and System Service offerings
* remove unnecessary changes
* fix license and pre-commit issues
* Add UI support to clone disk and network offering
* vpc & backup offering clone api
* add unit tests
* fix pre-commit checks
* increase test coverage
* combine add/clone disk/compute offering forms
* update license
* fix unit tests
* fix test failures
* fix test failure - unnecessary stubbings
* pre-commit check failure
* add recently added domain id for bkp offering to be inherited in clone operation
* extract common code wrt service capability in network & vpc offering in add/clone operations
* add some checks to prevent networkmode change when provider is nsx/netris from the source networkmode
* address copilot comments
* address comments
* combine check
* use appropriate zoneId during clone bkp offering
* add check
* fix issue with test
* remove unused imports
* prevent creating a bkp offering of a bkp repo that already exists
* extend clone disk and service offerings to domain admins
When OsLogo component is used in the items of a list having same OS type
it was causing listOsTypes API call multiple times. This change allows
caching request and response value for 30 seconds. Caching behaviour is
controlled using `useCache` flag.
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
* added auto refresh button for vm metrics
* refactored getStartDate method and fixed auto refresh date period not being updated
* switch variables from var to const
This PR introduces several configuration settings using which an operator can mark certain cryptographic algorithms and parameters as excluded or obsolete for VPN Customer Gateway creation for Site-to-Site VPN.
Cloud providers following modern security frameworks (e.g., ISO 27001/27017) are required to enforce and communicate approved cryptographic standards. CloudStack currently accepts several weak or deprecated algorithms without guidance to users. This PR closes that gap by giving operators explicit control over what is disallowed vs discouraged, improving security posture without breaking existing deployments.
These settings are:
1. vpn.customer.gateway.excluded.encryption.algorithms
2. vpn.customer.gateway.excluded.hashing.algorithms
3. vpn.customer.gateway.excluded.ike.versions
4. vpn.customer.gateway.excluded.dh.group
5. vpn.customer.gateway.obsolete.encryption.algorithms
6. vpn.customer.gateway.obsolete.hashing.algorithms
7. vpn.customer.gateway.obsolete.ike.versions
8. vpn.customer.gateway.obsolete.dh.group
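An added illustration, not code from this PR or from CloudStack, of the disallowed versus discouraged split described above: excluded values are modelled as rejecting a gateway definition, obsolete values as producing only a warning. The setting names come from the list above; the comma-separated value format, the `encryption-hash;dhgroup` policy form, the sample values and all function names are assumptions made for this sketch.

```python
# Added illustration; not CloudStack code. Setting names are from the PR text;
# comma-separated values and the "enc-hash;dhgroup" policy form are assumptions.
SETTINGS = {  # constructed sample values
    "vpn.customer.gateway.excluded.encryption.algorithms": "3des",
    "vpn.customer.gateway.excluded.hashing.algorithms": "md5",
    "vpn.customer.gateway.excluded.ike.versions": "",
    "vpn.customer.gateway.excluded.dh.group": "modp1024",
    "vpn.customer.gateway.obsolete.encryption.algorithms": "aes128",
    "vpn.customer.gateway.obsolete.hashing.algorithms": "sha1",
    "vpn.customer.gateway.obsolete.ike.versions": "ikev1",
    "vpn.customer.gateway.obsolete.dh.group": "modp1536",
}
SUFFIX = {"encryption": "encryption.algorithms", "hashing": "hashing.algorithms",
          "ike": "ike.versions", "dh": "dh.group"}


def _listed(settings, level, kind):
    """Return the normalised set of values configured for one setting."""
    raw = settings.get(f"vpn.customer.gateway.{level}.{SUFFIX[kind]}", "")
    return {v.strip().lower() for v in raw.split(",") if v.strip()}


def parse_policy(policy):
    """Split 'aes256-sha256;modp2048' into (encryption, hashing, dh group or None)."""
    algos, _, dh = policy.strip().lower().partition(";")
    enc, sep, digest = algos.partition("-")
    if not (enc and sep and digest):
        raise ValueError(f"malformed policy: {policy!r}")
    return enc, digest, dh or None


def evaluate(settings, ike_policy, esp_policy, ike_version):
    """Return (rejected, warnings): excluded values block, obsolete ones only warn."""
    found = {"excluded": [], "obsolete": []}
    checks = [("ike", "ike version", ike_version.lower())]
    for label, policy in (("ikepolicy", ike_policy), ("esppolicy", esp_policy)):
        enc, digest, dh = parse_policy(policy)
        checks += [("encryption", label, enc), ("hashing", label, digest)]
        if dh:  # the DH group is optional in a policy string
            checks.append(("dh", label, dh))
    for kind, where, value in checks:
        for level in ("excluded", "obsolete"):  # excluded takes precedence
            if value in _listed(settings, level, kind):
                found[level].append(f"{where}: {value}")
                break
    return found["excluded"], found["obsolete"]
```

A non-empty first list means the definition would be refused; a non-empty second list means it is accepted but should be flagged to the user for migration.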
* [UI] Fix primary storage details display when the uuid has different pattern (e.g. for pools with SolidFireShared provider)
* Fix on refresh
---------
Co-authored-by: vishesh92 <vishesh92@gmail.com>