* 4.22:
fix install path for systemvm templates when introducing new sec storage (#11605)
fix Sensitive Data Exposure Through Exception Logging in OVM Hypervis… (#12032)
Fix snapshot physical size after migration (#12166)
ConfigDrive: use file absolute path instead of canonical path to create ISO (#11623)
Add log for null templateVO (#12406)
snapshot: fix listSnapshots for volume which got delete and whose storage pool got deleted (#12433)
Notify user if template upgrade is not required (#12483)
Fix: proper permissions for systemvm template registrations on hardened systems (#12098)
Allow modification of user vm details if user.vm.readonly.details is empty (#10456)
NPE fix while deleting storage pool when pool has detached volumes (#12451)
* NPE fix while deleting storage pool when pool has detached volumes
* review
* unit tests
* Added log for volumes not attached to any VMs
* update filter, log and test
* updated volume dao method names returning non destroyed volumes
* build fix
---------
Co-authored-by: dahn <daan@onecht.net>
* Add support for dedicating backup offerings to domains
* Add tests and UI support and update response params
* add license header
* exclude backupofferingdetailsvo from sonar
* fix pre-commit checks - missing / extra EOF line
* add test
* EOF
* filter backup offerings by domain id
* add unit tests
* add more unit tests and remove response file from code coverage check
* update checks
* address review comments: extract common code, fix tests
* added bean definition
* address comments
* add unit tests to increase coverage
* pre-commit check failure fix
* address merge issue
* allow updating backup offering when only domain id is modified
This PR introduces several configuration settings using which an operator can mark certain cryptographic algorithms and parameters as excluded or obsolete for VPN Customer Gateway creation for Site-to-Site VPN.
Cloud providers following modern security frameworks (e.g., ISO 27001/27017) are required to enforce and communicate approved cryptographic standards. CloudStack currently accepts several weak or deprecated algorithms without guidance to users. This PR closes that gap by giving operators explicit control over what is disallowed vs discouraged, improving security posture without breaking existing deployments.
These settings are:
1. vpn.customer.gateway.excluded.encryption.algorithms
2. vpn.customer.gateway.excluded.hashing.algorithms
3. vpn.customer.gateway.excluded.ike.versions
4. vpn.customer.gateway.excluded.dh.group
5. vpn.customer.gateway.obsolete.encryption.algorithms
6. vpn.customer.gateway.obsolete.hashing.algorithms
7. vpn.customer.gateway.obsolete.ike.versions
8. vpn.customer.gateway.obsolete.dh.group
This PR fixes#11502
- Prevent service offering update to specific domains if any instance for the offering are outside of those
- Removal of offerings is skipped if it is in use by any Instance.
Bundling all hypervisor SystemVM templates in release packages simplifies installs but inflates build time and artifact size. This change enables downloading templates on demand when they’re not found after package installation. The download path is wired into both cloud-setup-management and the existing SystemVM template registration flow.
For connected or mirrored environments, a repository URL prefix can be provided to support air-gapped setups: pass --systemvm-templates-repository <URL-prefix> to cloud-setup-management, or set system.vm.templates.download.repository=<URL-prefix> in server.properties for post-setup registration.
If templates are already present (bundled or preseeded), behavior is unchanged and no download is attempted.
---------
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
* Cleanup userconcentratedpod_random and userconcentratedpod_firstfit allocation algorithm
* use firstfit instead of random for userconcentratedpod_firstfit
This PR aligns the use of terminology, renaming VM / virtual machine references to 'Instance' and also capitalising the terms Templates, Network, Snapshot, User, Account in CloudStack APIs, error and log messages, events, tooltips, etc. Many typos, grammar and spelling mistakes were fixed, also terms like IPv4, VPN, VPC, etc. were properly capitalised. Some error messages were cleaned for better readability. The test cases, expecting some exception strings were adjusted accordingly.
Here is the wiki page, describing the changes in details:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Object+Naming+and+Title+Case+Convention
---------
Co-authored-by: Manoj Kumar <manojkr.itbhu@gmail.com>
Co-authored-by: Harikrishna <harikrishna.patnala@gmail.com>
* 4.22:
Update templateConfig.sh to not break with directorys with space on t… (#10898)
Fix VM and volume metrics listing regressions (#12284)
packaging: use latest cmk release link directly (#11429)
api:rename RegisterCmd.java => RegisterUserKeyCmd.java (#12259)
Prioritize copying templates from other secondary storages instead of downloading them (#10363)
Show time correctly in the backup schedule UI (#12012)
kvm: use preallocation option for fat disk resize (#11986)
Python exception processing static routes fixed (#11967)
KVM memballooning requires free page reporting and autodeflate (#11932)
api: create/register/upload template with empty template tag (#12234)
Daan Hoogland
Manoj Kumar
Suresh Kumar Anaparti
Vishesh
Henrique Sato
Pearl Dsilva
Abhisar Sinha
Abhishek Kumar
Erik Böck
Nicolas Vazquez
Suyang(Dawson) Chen
Bernardo De Marco Gonçalves
Tonitzpp
YoulongChen
argusb
vladimirpetrov