changes for blank instance with security groups

Correct OS for worker VM is Rocky Linux 9

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

Author: shwstppr

api/src/main/java/org/apache/cloudstack/api/command/user/vm/UpdateVMCmd.java

@@ -288,6 +288,14 @@ public boolean isCleanupExtraConfig() {
         return Boolean.TRUE.equals(cleanupExtraConfig);
     }
 
+    public void setId(Long id) {
+        this.id = id;
+    }
+
+    public void setSecurityGroupIdList(List<Long> securityGroupIdList) {
+        this.securityGroupIdList = securityGroupIdList;
+    }
+
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////

engine/schema/src/main/java/com/cloud/network/security/dao/SecurityGroupDao.java

@@ -31,4 +31,6 @@ public interface SecurityGroupDao extends GenericDao<SecurityGroupVO, Long> {
     List<SecurityGroupVO> findByAccountAndNames(Long accountId, String... names);
 
     int removeByAccountId(long accountId);
+
+    List<SecurityGroupVO> listByIds(List<Long> ids);
 }

engine/schema/src/main/java/com/cloud/network/security/dao/SecurityGroupDaoImpl.java

@@ -129,4 +129,14 @@ public boolean expunge(Long id) {
         txn.commit();
         return result;
     }
+
+    @Override
+    public List<SecurityGroupVO> listByIds(List<Long> ids) {
+        SearchBuilder<SecurityGroupVO> idsSearch = createSearchBuilder();
+        idsSearch.and("ids", idsSearch.entity().getId(), SearchCriteria.Op.IN);
+        idsSearch.done();
+        SearchCriteria<SecurityGroupVO> sc = idsSearch.create();
+        sc.setParameters("ids", ids.toArray());
+        return listBy(sc);
+    }
 }

engine/schema/src/main/java/com/cloud/vm/dao/NicDao.java

@@ -26,6 +26,8 @@
 public interface NicDao extends GenericDao<NicVO, Long> {
     List<NicVO> listByVmId(long instanceId);
 
+    int countByVmId(long instanceId);
+
     List<NicVO> listByVmIdOrderByDeviceId(long instanceId);
 
     List<String> listIpAddressInNetwork(long networkConfigId);

engine/schema/src/main/java/com/cloud/vm/dao/NicDaoImpl.java

@@ -126,6 +126,13 @@ public List<NicVO> listByVmId(long instanceId) {
         return listBy(sc);
     }
 
+    @Override
+    public int countByVmId(long instanceId) {
+        SearchCriteria<NicVO> sc = AllFieldsSearch.create();
+        sc.setParameters("instance", instanceId);
+        return getCount(sc);
+    }
+
     @Override
     public List<NicVO> listByVmIdOrderByDeviceId(long instanceId) {
         SearchCriteria<NicVO> sc = AllFieldsSearch.create();

plugins/integrations/veeam-control-service/src/main/java/org/apache/cloudstack/veeam/adapter/ServerAdapter.java

@@ -23,9 +23,11 @@
 import java.util.Base64;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
+import java.util.Set;
 import java.util.UUID;
 import java.util.concurrent.TimeUnit;
 import java.util.stream.Collectors;
@@ -167,8 +169,10 @@
 import com.cloud.network.as.dao.AutoScaleVmGroupVmMapDao;
 import com.cloud.network.dao.NetworkDao;
 import com.cloud.network.dao.NetworkVO;
+import com.cloud.network.security.SecurityGroupVMMapVO;
 import com.cloud.network.security.SecurityGroupVO;
 import com.cloud.network.security.dao.SecurityGroupDao;
+import com.cloud.network.security.dao.SecurityGroupVMMapDao;
 import com.cloud.offering.ServiceOffering;
 import com.cloud.org.Grouping;
 import com.cloud.projects.Project;
@@ -226,7 +230,7 @@ public class ServerAdapter extends ManagerBase {
     );
     private static final String VM_TAG_KEY = "veeam_tag";
     private static final String WORKER_VM_GUEST_CPU_MODE = "host-passthrough";
-    private static final String WORKER_VM_GUEST_OS = "AlmaLinux 9";
+    private static final String WORKER_VM_GUEST_OS = "Rocky Linux 9";
     private static final String RESTORE_CONFIG = "restore.config";
 
     @Inject
@@ -343,6 +347,9 @@ public class ServerAdapter extends ManagerBase {
     @Inject
     SecurityGroupDao securityGroupDao;
 
+    @Inject
+    SecurityGroupVMMapDao securityGroupVMMapDao;
+
     @Inject
     SharedFSService sharedFSService;
 
@@ -630,13 +637,39 @@ protected SecurityGroupVO getValidatedSecurityGroup(String securityGroupUuid) {
         }
         SecurityGroupVO group = securityGroupDao.findByUuid(securityGroupUuid);
         if (group == null) {
-            logger.warn("Failed to find userdata with ID {} specified in Instance creation request, " +
-                    "skipping security group assignment", securityGroupUuid);
+            logger.warn("Failed to find security group with ID {} specified in Instance creation request, " +
+                    "skipping its assignment", securityGroupUuid);
             return null;
         }
         return group;
     }
 
+    protected List<Long> getValidatedSecurityGroups(List<String> uuids, long vmId) {
+        if (CollectionUtils.isEmpty(uuids)) {
+            return null;
+        }
+        List<SecurityGroupVO> instanceGroups = getSecurityGroupsForInstance(vmId);
+        Set<Long> existingIds = CollectionUtils.isNotEmpty(instanceGroups)
+                ? instanceGroups.stream().map(SecurityGroupVO::getId).collect(Collectors.toSet())
+                : new HashSet<>();
+        Set<Long> requestedIds = uuids.stream()
+                .map(uuid -> {
+                    SecurityGroupVO group = getValidatedSecurityGroup(uuid);
+                    return group != null ? group.getId() : null;
+                })
+                .filter(Objects::nonNull)
+                .collect(Collectors.toSet());
+        if (CollectionUtils.isEmpty(requestedIds)) {
+            return null;
+        }
+        Set<Long> mergedIds = new HashSet<>(existingIds);
+        mergedIds.addAll(requestedIds);
+        if (mergedIds.equals(existingIds)) {
+            return null;
+        }
+        return new ArrayList<>(mergedIds);
+    }
+
     protected String getValidatedInstanceType(Vm request) {
         String instanceType = StringUtils.trimToNull(request.getInstanceType());
         if (StringUtils.isEmpty(request.getInstanceType())) {
@@ -667,7 +700,7 @@ protected Pair<Vm, UserVm> createInstance(com.cloud.dc.DataCenter zone, Long clu
                 String accountName, Long projectId, String name, String displayName, String serviceOfferingUuid,
                 int cpu, int memory, String templateUuid, GuestOS guestOs, String userdata, ApiConstants.BootType bootType,
                 ApiConstants.BootMode bootMode, String affinityGroupId, String userDataId, String sshKeyPairNames,
-                String instanceType, String securityGroupId, Map<String, String> details) {
+                String instanceType, Map<String, String> details) {
         Account account = owner != null ? owner : CallContext.current().getCallingAccount();
         ServiceOffering serviceOffering = getServiceOfferingIdForVmCreation(zone, account, serviceOfferingUuid, cpu,
                 memory);
@@ -714,10 +747,6 @@ protected Pair<Vm, UserVm> createInstance(com.cloud.dc.DataCenter zone, Long clu
         if (userData != null) {
             cmd.setUserDataId(userData.getId());
         }
-        SecurityGroupVO securityGroup = getValidatedSecurityGroup(securityGroupId);
-        if (securityGroup != null) {
-            cmd.setSecurityGroupList(List.of(securityGroup.getId()));
-        }
         if (StringUtils.isNotBlank(sshKeyPairNames)) {
             cmd.setSshKeyPairNames(getValidatedSshKeyPairNames(sshKeyPairNames, owner));
         }
@@ -736,7 +765,7 @@ protected Pair<Vm, UserVm> createInstance(com.cloud.dc.DataCenter zone, Long clu
             UserVmJoinVO vo = userVmJoinDao.findById(vm.getId());
             Vm vmObj = UserVmJoinVOToVmConverter.toVm(vo, this::getHostById, this::getDetailsByInstanceId,
                     this::listTagsByInstanceId, this::listDiskAttachmentsByInstanceId, this::listNicsByInstance,
-                    null, false);
+                    null, null, false);
             return new Pair<>(vmObj, vm);
         } catch (InsufficientCapacityException | ResourceUnavailableException | ResourceAllocationException | CloudRuntimeException e) {
             throw new CloudRuntimeException("Failed to create VM: " + e.getMessage(), e);
@@ -823,12 +852,8 @@ protected void processInstanceRestoreConfigIfNeeded(UserVm userVm, Volume volume
         sharedFSService.updateSharedFSPostRestore(sharedFS.getId(), volume.getId());
     }
 
-    protected Pair<String, String> getValidatedInstanceNicDetails(final UserVmVO vm, final NetworkVO network) {
-        if (ObjectUtils.anyNull(vm, network)) {
-            return new Pair<>(null, null);
-        }
-        VMInstanceDetailVO detail = vmInstanceDetailsDao.findDetail(vm.getId(), RESTORE_CONFIG);
-        if (detail == null || StringUtils.isBlank(detail.getValue())) {
+    protected Pair<String, String> getValidatedInstanceNicDetails(final VMInstanceDetailVO detail, final NetworkVO network) {
+        if (ObjectUtils.anyNull(detail, network) || StringUtils.isBlank(detail.getValue())) {
             return new Pair<>(null, null);
         }
         Pair<String, String> result = OvfXmlUtil.getVmNicDetailFromStoredConfig(detail.getValue(), network.getUuid(), logger);
@@ -862,6 +887,34 @@ protected Pair<String, String> getValidatedInstanceNicDetails(final UserVmVO vm,
         return new Pair<>(mac, ip4Address);
     }
 
+    protected void updateInstanceSecurityGroupsIfNeeded(final UserVmVO vmVo, final VMInstanceDetailVO detail, final NetworkVO network) {
+        if (ObjectUtils.anyNull(detail, network) || StringUtils.isBlank(detail.getValue())) {
+            return;
+        }
+        String config = detail.getValue();
+        Vm vm = OvfXmlUtil.parseVmRestoreConfig(config, logger);
+        if (CollectionUtils.isEmpty(vm.getSecurityGroupIds())) {
+            return;
+        }
+        List<Long> securityGroupIds = getValidatedSecurityGroups(vm.getSecurityGroupIds(), vmVo.getId());
+        if (CollectionUtils.isEmpty(securityGroupIds)) {
+            return;
+        }
+        if (!networkModel.areServicesSupportedInNetwork(network.getId(), NetworkVO.Service.SecurityGroup)) {
+            logger.debug("{} does not support security groups, will try with remaining networks for {}", network, vmVo);
+            return;
+        }
+        UpdateVMCmd cmd = new UpdateVMCmd();
+        ComponentContext.inject(cmd);
+        cmd.setId(vmVo.getId());
+        cmd.setSecurityGroupIdList(securityGroupIds);
+        try {
+            userVmManager.updateVirtualMachine(cmd);
+        } catch (ResourceUnavailableException | InsufficientCapacityException e) {
+            throw new CloudRuntimeException("Failed to add security group(s) due to: " + e.getMessage());
+        }
+    }
+
     protected static long getProvisionedSizeInGb(String sizeStr) {
         long provisionedSizeInGb;
         try {
@@ -997,6 +1050,17 @@ protected SharedFS getSharedFSForInstance(UserVmJoinVO vo) {
         return sharedFSService.getSharedFSForVmId(vo.getId());
     }
 
+    protected List<SecurityGroupVO> getSecurityGroupsForInstance(long vmId) {
+        List<SecurityGroupVMMapVO> mappings = securityGroupVMMapDao.listByInstanceId(vmId);
+        if (CollectionUtils.isEmpty(mappings)) {
+            return null;
+        }
+        return securityGroupDao.listByIds(
+                mappings.stream()
+                        .map(SecurityGroupVMMapVO::getSecurityGroupId)
+                        .collect(Collectors.toList()));
+    }
+
     protected void validateInstanceBackupConditions(UserVm vm) {
         List<AutoScaleVmGroupVmMapVO> asGroupVmVOs = autoScaleVmGroupVmMapDao.listByVm(vm.getId());
         if (CollectionUtils.isNotEmpty(asGroupVmVOs)) {
@@ -1138,10 +1202,11 @@ public List<Vm> listAllInstances(boolean includeTags, boolean includeDisks, bool
         return UserVmJoinVOToVmConverter.toVmList(vms,
                 this::getHostById,
                 this::getDetailsByInstanceId,
-                includeTags ? this::listTagsByInstanceId : null,
-                includeDisks ? this::listDiskAttachmentsByInstanceId : null,
-                includeNics ? this::listNicsByInstance : null,
+                (includeTags || allContent) ? this::listTagsByInstanceId : null,
+                (includeDisks || allContent) ? this::listDiskAttachmentsByInstanceId : null,
+                (includeNics || allContent) ? this::listNicsByInstance : null,
                 allContent ? this::getSharedFSForInstance: null,
+                allContent ? this::getSecurityGroupsForInstance: null,
                 allContent);
     }
 
@@ -1155,10 +1220,11 @@ public Vm getInstance(String uuid, boolean includeTags, boolean includeDisks, bo
         return UserVmJoinVOToVmConverter.toVm(vo,
                 this::getHostById,
                 this::getDetailsByInstanceId,
-                includeTags ? this::listTagsByInstanceId : null,
-                includeDisks ? this::listDiskAttachmentsByInstanceId : null,
-                includeNics ? this::listNicsByInstance : null,
-                allContent ? this::getSharedFSForInstance : null,
+                (includeTags || allContent) ? this::listTagsByInstanceId : null,
+                (includeDisks || allContent) ? this::listDiskAttachmentsByInstanceId : null,
+                (includeNics || allContent) ? this::listNicsByInstance : null,
+                allContent ? this::getSharedFSForInstance: null,
+                allContent ? this::getSecurityGroupsForInstance: null,
                 allContent);
     }
 
@@ -1227,8 +1293,7 @@ public Vm createInstance(Vm request) {
         Pair<Vm, UserVm> result = createInstance(zone, clusterId, owner, ownerDetails.first(), ownerDetails.second(),
                 ownerDetails.third(), name, displayName, serviceOfferingUuid, cpu, memoryMB, templateUuid, guestOs,
                 userdata, bootOptions.first(), bootOptions.second(), request.getAffinityGroupId(),
-                request.getUserDataId(), request.getSshKeyPairNames(), instanceType,
-                request.getSecurityGroupId(), request.getDetails());
+                request.getUserDataId(), request.getSshKeyPairNames(), instanceType, request.getDetails());
         saveInstanceRestoreConfig(request, result.second());
         return result.first();
     }
@@ -1583,7 +1648,8 @@ public Nic attachInstanceNic(final String vmUuid, final Nic request) {
                 accountCannotAccessNetwork(networkVO, vmVo.getAccountId())) {
             assignVmToAccount(vmVo, networkVO.getAccountId());
         }
-        Pair<String, String> nicDetails = getValidatedInstanceNicDetails(vmVo, networkVO);
+        VMInstanceDetailVO detail = vmInstanceDetailsDao.findDetail(vmVo.getId(), RESTORE_CONFIG);
+        Pair<String, String> nicDetails = getValidatedInstanceNicDetails(detail, networkVO);
         AddNicToVMCmd cmd = new AddNicToVMCmd();
         ComponentContext.inject(cmd);
         cmd.setVmId(vmVo.getId());
@@ -1598,6 +1664,7 @@ public Nic attachInstanceNic(final String vmUuid, final Nic request) {
         if (nic == null) {
             throw new CloudRuntimeException("Failed to attach NIC to VM");
         }
+        updateInstanceSecurityGroupsIfNeeded(vmVo, detail, networkVO);
         return NicVOToNicConverter.toNic(nic, vmUuid, this::getNetworkById);
     }
 

plugins/integrations/veeam-control-service/src/main/java/org/apache/cloudstack/veeam/api/converter/AsyncJobJoinVOToJobConverter.java

@@ -78,7 +78,7 @@ protected static void fillAction(final ResourceAction action, final AsyncJobJoin
     public static VmAction toVmAction(final AsyncJobJoinVO vo, final UserVmJoinVO vm) {
         VmAction action = new VmAction();
         fillAction(action, vo);
-        action.setVm(UserVmJoinVOToVmConverter.toVm(vm, null, null, null, null, null, null, false));
+        action.setVm(UserVmJoinVOToVmConverter.toVm(vm, null, null, null, null, null, null, null, false));
         return action;
     }
 

plugins/integrations/veeam-control-service/src/main/java/org/apache/cloudstack/veeam/api/converter/ImageTransferVOToImageTransferConverter.java

@@ -52,7 +52,6 @@ public static ImageTransfer toImageTransfer(ImageTransferVO vo, final Function<L
         } else if (org.apache.cloudstack.backup.ImageTransfer.Phase.failed.equals(vo.getPhase())) {
             imageTransfer.setPhase("finished_failed");
         }
-        imageTransfer.setProxyUrl(vo.getTransferUrl());
         imageTransfer.setShallow(Boolean.toString(false));
         imageTransfer.setTimeoutPolicy("legacy");
         imageTransfer.setTransferUrl(vo.getTransferUrl());

plugins/integrations/veeam-control-service/src/main/java/org/apache/cloudstack/veeam/api/converter/UserVmJoinVOToVmConverter.java

@@ -46,6 +46,7 @@
 
 import com.cloud.api.query.vo.HostJoinVO;
 import com.cloud.api.query.vo.UserVmJoinVO;
+import com.cloud.network.security.SecurityGroupVO;
 import com.cloud.vm.VirtualMachine;
 
 public final class UserVmJoinVOToVmConverter {
@@ -64,6 +65,7 @@ public static Vm toVm(final UserVmJoinVO src,
                           final Function<Long, List<DiskAttachment>> disksResolver,
                           final Function<UserVmJoinVO, List<Nic>> nicsResolver,
                           final Function<UserVmJoinVO, SharedFS> sharedFsResolver,
+                          final Function<Long, List<SecurityGroupVO>> securityGroupsResolver,
                           final boolean allContent) {
         if (src == null) {
             return null;
@@ -179,7 +181,11 @@ public static Vm toVm(final UserVmJoinVO src,
         dst.setGuestOsName(src.getGuestOsDisplayName());
         dst.setInstanceType(src.getUserVmType());
         updateSharedFSDetailsIfNeeded(src, sharedFsResolver, dst);
-        dst.setSecurityGroupId(src.getSecurityGroupUuid());
+        if (securityGroupsResolver != null) {
+            dst.setSecurityGroupIds(securityGroupsResolver.apply(src.getId()).stream()
+                    .map(SecurityGroupVO::getUuid)
+                    .collect(Collectors.toList()));
+        }
 
         // Keep at end
         if (allContent) {
@@ -224,10 +230,11 @@ public static List<Vm> toVmList(final List<UserVmJoinVO> srcList,
                                     final Function<Long, List<DiskAttachment>> disksResolver,
                                     final Function<UserVmJoinVO, List<Nic>> nicsResolver,
                                     final Function<UserVmJoinVO, SharedFS> sharedFsResolver,
+                                    final Function<Long, List<SecurityGroupVO>> securityGroupsResolver,
                                     final boolean allContent) {
         return srcList.stream()
                 .map(v -> toVm(v, hostResolver, detailsResolver, tagsResolver, disksResolver,
-                        nicsResolver, sharedFsResolver, allContent))
+                        nicsResolver, sharedFsResolver, securityGroupsResolver, allContent))
                 .collect(Collectors.toList());
     }
 

plugins/integrations/veeam-control-service/src/main/java/org/apache/cloudstack/veeam/api/dto/OvfXmlUtil.java

@@ -21,6 +21,7 @@
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
 import java.text.SimpleDateFormat;
+import java.util.Arrays;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
@@ -487,8 +488,8 @@ private static void addCloudStackMetadata(Vm vm, UserVmJoinVO vo, StringBuilder
                 sb.append("<SharedFSId>").append(escapeText(vm.getSharedFSId())).append("</SharedFSId>");
                 sb.append("<SharedFSVolumeName>").append(escapeText(vm.getSharedFsVolumeName())).append("</SharedFSVolumeName>");
             }
-            if (StringUtils.isNotBlank(vm.getSecurityGroupId())) {
-                sb.append("<SecurityGroupId>").append(escapeText(vm.getSecurityGroupId())).append("</SecurityGroupId>");
+            if (CollectionUtils.isNotEmpty(vm.getSecurityGroupIds())) {
+                sb.append("<SecurityGroupIds>").append(escapeText(StringUtils.join(vm.getSecurityGroupIds(), ","))).append("</SecurityGroupIds>");
             }
             sb.append("</CloudStack>");
             sb.append("</Section>");
@@ -834,9 +835,9 @@ private static void updateFromXmlCloudStackMetadataSection(Vm vm, Node metadataS
         if (StringUtils.isNotBlank(sharedFSVolumeName)) {
             vm.setSharedFsVolumeName(sharedFSVolumeName);
         }
-        String securityGroupId = xpathString(xpath, metadataSection, ".//*[local-name()='SecurityGroupId']/text()");
-        if (StringUtils.isNotBlank(securityGroupId)) {
-            vm.setInstanceType(securityGroupId);
+        String securityGroupIds = xpathString(xpath, metadataSection, ".//*[local-name()='SecurityGroupIds']/text()");
+        if (StringUtils.isNotBlank(securityGroupIds)) {
+            vm.setSecurityGroupIds(Arrays.asList(StringUtils.split(securityGroupIds, ",")));
         }
         final Map<String, String> details = new HashMap<>();
         try {