The KVM agent's storage heartbeat scripts (kvmheartbeat.sh and
kvmspheartbeat.sh) hard-code an immediate kernel-level reboot via
'echo b > /proc/sysrq-trigger' when a heartbeat write to primary storage
times out. This bypasses all OS-level shutdown protections, drops every
running VM on the host instantly, and triggers HA cascades onto
surviving hosts.
For NFS shared storage the binary "heartbeat-write-failed = host-is-dead"
heuristic is reasonable. For LINSTOR/DRBD or other replicated local
storage, the same disk serves application I/O, replication I/O and
heartbeat I/O simultaneously - so a transient I/O contention spike can
time out the heartbeat write without the host actually being unhealthy.
The result is false-positive sysrq fencing.
Adds a new agent.properties option:
kvm.heartbeat.fence.action = reboot | graceful-reboot
| restart-agent | log-only
Default value is "reboot" so existing deployments keep their current
behavior. Operators on replicated storage backends can choose a less
destructive action:
- graceful-reboot: 'systemctl reboot' instead of sysrq, allowing VMs
a chance to shut down cleanly
- restart-agent: restart cloudstack-agent only, preserving running VMs
- log-only: log + alert, no automatic action
The existing 'reboot.host.and.alert.management.on.heartbeat.timeout'
boolean continues to function as a complete Java-side bypass.
Refs: https://github.com/apache/cloudstack/issues/13089
* 4.22:
Fix issue when restoring backup after migration of volume (#12549)
Usage: Heartbeat should not schedule usage job when a job is already running (#12616)
Allow limit queries without random ordering (#12598)
engine/schema: fix cluster/zone settings with encrypted values (#12626)
Fix injection of preset variables into the JS interpreter (#12515)
Fix issue with multiple KVM Host entries in host table (#12589)
Add a Prometheus metric to track host certificate expiry (#12613)
ssvm: delete temp directory while deleting entity download url (#12562)
* API modifications for passwordchangerequired
* ui login flow for passwordchangerequired
* add passwordchangerequired in listUsers API response, it will be used in UI to render reset password form
* cleanup redundant LOGIN_SOURCE and limiting apis for first time login
* address copilot comments
* allow enforcing password change for all role types and update reset pwd flow for passwordchangerequired
* address review comments
* add unit tests
* cleanup ispasswordchangerequired from user_view
* address review comments
* 1. Allow enforcing password change while creating user
2. Admin can enforce password change on next login with out resetting password
* address review comment, add unit test
* improve code coverage
* fix pre-commit license issue
* 1. allow enter key to submit change password form
2. hide force password reset for disabled/locked user in ui
* 1. throw exception when force reset password is done for locked/disabled user/account
2. ui validation on current and new password being same
3. allow enforce change password for add user until saml is not enabled
* allow oauth login to skip force password change
* extension/proxmox: improve host vm power reporting
Add `statuses` action in extensions to report VM power states
This PR introduces support for retrieving the power state of all VMs on a host directly from an extension using the new `statuses` action.
When available, this provides a single aggregated response, reducing the need for multiple calls.
If the extension does not implement `statuses`, the server will gracefully fall back to querying individual VMs using the existing `status` action.
This helps with updating the host in CloudStack after out-of-band migrations for the VM.
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
* address review
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
---------
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
* set `desplayName` to `name` by default
* list by displayname instead of name
* back to using name
* Update api/src/main/java/org/apache/cloudstack/api/command/user/vm/DeployVMCmd.java
---------
Co-authored-by: Daan Hoogland <dahn@apache.org>
James Peru
Suresh Kumar Anaparti
Daan Hoogland
dahn
Manoj Kumar
Pearl Dsilva
Abhisar Sinha
Wei Zhou
Fabricio Duarte
Nicolas Vazquez
Abhishek Kumar
Imvedansh
Erik Böck
Vishesh
K Viddya
salfers