Merge a1df168243 into cd5bb09d0d

Fix potential leaks in executePipedCommands (#12478 )
UI: fix issues when deploy VNF applicance on network with SG (#12436 )
2026-01-22 09:59:55 +00:00 · 2026-01-22 10:59:41 +01:00 · 2026-01-22 10:56:03 +01:00 · 2026-01-12 17:21:26 -05:00
7 changed files with 37 additions and 15 deletions
--- a/ui/public/locales/en.json
+++ b/ui/public/locales/en.json
@ -2527,7 +2527,7 @@
 "label.vnf.app.action.reinstall": "Reinstall VNF Appliance",
 "label.vnf.cidr.list": "CIDR from which access to the VNF appliance's Management interface should be allowed from",
 "label.vnf.cidr.list.tooltip": "the CIDR list to forward traffic from to the VNF management interface. Multiple entries must be separated by a single comma character (,). The default value is 0.0.0.0/0.",
-"label.vnf.configure.management": "Configure Firewall and Port Forwarding rules for VNF's management interfaces",
+"label.vnf.configure.management": "Configure network rules for VNF's management interfaces",
 "label.vnf.configure.management.tooltip": "True by default, security group or network rules (source nat and firewall rules) will be configured for VNF management interfaces. False otherwise. Learn what rules are configured at http://docs.cloudstack.apache.org/en/latest/adminguide/networking/vnf_templates_appliances.html#deploying-vnf-appliances",
 "label.vnf.detail.add": "Add VNF detail",
 "label.vnf.detail.remove": "Remove VNF detail",
--- a/ui/src/config/section/network.js
+++ b/ui/src/config/section/network.js
@ -356,7 +356,10 @@ export default {
      permission: ['listVnfAppliances'],
      resourceType: 'UserVm',
      params: () => {
-        return { details: 'servoff,tmpl,nics', isvnf: true }
+        return {
+          details: 'group,nics,secgrp,tmpl,servoff,diskoff,iso,volume,affgrp,backoff,vnfnics',
+          isvnf: true
+        }
      },
      columns: () => {
        const fields = ['name', 'state', 'ipaddress']
--- a/ui/src/utils/plugins.js
+++ b/ui/src/utils/plugins.js
@ -218,18 +218,19 @@ export const notifierPlugin = {
        if (error.response.status) {
          msg = `${i18n.global.t('message.request.failed')} (${error.response.status})`
        }
-        if (error.message) {
-          desc = error.message
-        }
-        if (error.response.headers && 'x-description' in error.response.headers) {
+        if (error.response.headers?.['x-description']) {
          desc = error.response.headers['x-description']
-        }
-        if (desc === '' && error.response.data) {
+        } else if (error.response.data) {
          const responseKey = _.findKey(error.response.data, 'errortext')
          if (responseKey) {
            desc = error.response.data[responseKey].errortext
+          } else if (typeof error.response.data === 'string') {
+            desc = error.response.data
          }
        }
+        if (!desc && error.message) {
+          desc = error.message
+        }
      }
      let countNotify = store.getters.countNotify
      countNotify++
--- a/ui/src/views/compute/DeployVnfAppliance.vue
+++ b/ui/src/views/compute/DeployVnfAppliance.vue
@ -1305,7 +1305,7 @@ export default {
      for (const deviceId of managementDeviceIds) {
        if (this.vnfNicNetworks && this.vnfNicNetworks[deviceId] &&
          ((this.vnfNicNetworks[deviceId].type === 'Isolated' && this.vnfNicNetworks[deviceId].vpcid === undefined) ||
-            (this.vnfNicNetworks[deviceId].type === 'Shared' && this.zone.securitygroupsenabled))) {
+            (this.vnfNicNetworks[deviceId].type === 'Shared' && this.vnfNicNetworks[deviceId].service.filter(svc => svc.name === 'SecurityGroupProvider')))) {
          return true
        }
      }
--- a/ui/src/views/image/RegisterOrUploadTemplate.vue
+++ b/ui/src/views/image/RegisterOrUploadTemplate.vue
@ -638,11 +638,7 @@ export default {
        this.$emit('refresh-data')
        this.closeAction()
      }).catch(e => {
-        this.$notification.error({
-          message: this.$t('message.upload.failed'),
-          description: `${this.$t('message.upload.template.failed.description')} -  ${e}`,
-          duration: 0
-        })
+        this.$notifyError(e)
      })
    },
    fetchCustomHypervisorName () {
--- a/ui/src/views/network/VnfAppliancesTab.vue
+++ b/ui/src/views/network/VnfAppliancesTab.vue
@ -120,7 +120,7 @@ export default {
  methods: {
    fetchData () {
      var params = {
-        details: 'servoff,tmpl,nics',
+        details: 'group,nics,secgrp,tmpl,servoff,diskoff,iso,volume,affgrp,backoff,vnfnics',
        isVnf: true,
        listAll: true
      }
--- a/utils/src/main/java/com/cloud/utils/script/Script.java
+++ b/utils/src/main/java/com/cloud/utils/script/Script.java
@ -40,9 +40,11 @@ import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.ScheduledFuture;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.TimeoutException;
+import java.util.concurrent.atomic.AtomicReference;
 import java.util.stream.Collectors;

 import org.apache.cloudstack.utils.security.KeyStoreUtils;
+import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.io.IOUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@ -708,13 +710,31 @@ public class Script implements Callable<String> {
        return executeCommandForExitValue(0, command);
    }

+    private static void cleanupProcesses(AtomicReference<List<Process>> processesRef) {
+        List<Process> processes = processesRef.get();
+        if (CollectionUtils.isNotEmpty(processes)) {
+            for (Process process : processes) {
+                if (process == null) {
+                    continue;
+                }
+                LOGGER.trace(String.format("Cleaning up process [%s] from piped commands.", process.pid()));
+                IOUtils.closeQuietly(process.getErrorStream());
+                IOUtils.closeQuietly(process.getOutputStream());
+                IOUtils.closeQuietly(process.getInputStream());
+                process.destroyForcibly();
+            }
+        }
+    }
+
    public static Pair<Integer, String> executePipedCommands(List<String[]> commands, long timeout) {
        if (timeout <= 0) {
            timeout = DEFAULT_TIMEOUT;
        }
+        final AtomicReference<List<Process>> processesRef = new AtomicReference<>();
        Callable<Pair<Integer, String>> commandRunner = () -> {
            List<ProcessBuilder> builders = commands.stream().map(ProcessBuilder::new).collect(Collectors.toList());
            List<Process> processes = ProcessBuilder.startPipeline(builders);
+            processesRef.set(processes);
            Process last = processes.get(processes.size()-1);
            try (BufferedReader reader = new BufferedReader(new InputStreamReader(last.getInputStream()))) {
                String line;
@ -741,6 +761,8 @@ public class Script implements Callable<String> {
            result.second(ERR_TIMEOUT);
        } catch (InterruptedException | ExecutionException e) {
            LOGGER.error("Error executing piped commands", e);
+        } finally {
+            cleanupProcesses(processesRef);
        }
        return result;
    }
Author	SHA1	Message	Date
Daman Arora	27bc99e1f4	Merge `a1df168243` into `cd5bb09d0d`	2026-01-22 09:59:55 +00:00
Abhisar Sinha	cd5bb09d0d	Fix potential leaks in executePipedCommands (#12478 )	2026-01-22 10:59:41 +01:00
Wei Zhou	b5e9178078	UI: fix issues when deploy VNF applicance on network with SG (#12436 )	2026-01-22 10:56:03 +01:00
Daman Arora	a1df168243	improve error handling for template upload notifications	2026-01-12 17:21:26 -05:00