backup: veeam kvm integration#12991
Conversation
Signed-off-by: Abhishek Kumar <[email protected]>
Signed-off-by: Abhishek Kumar <[email protected]>
Signed-off-by: Abhishek Kumar <[email protected]>
Signed-off-by: Abhishek Kumar <[email protected]>
Signed-off-by: Abhishek Kumar <[email protected]>
Signed-off-by: Abhishek Kumar <[email protected]>
Signed-off-by: Abhishek Kumar <[email protected]>
Signed-off-by: Abhishek Kumar <[email protected]>
Signed-off-by: Abhishek Kumar <[email protected]>
Signed-off-by: Abhishek Kumar <[email protected]>
todo: patch (needed?)
Signed-off-by: Abhishek Kumar <[email protected]>
Signed-off-by: Abhishek Kumar <[email protected]>
Signed-off-by: Abhishek Kumar <[email protected]>
|
@abh1sar a [SL] Jenkins job has been kicked to build packages. It will be bundled with no SystemVM templates. I'll keep you posted as I make progress. |
|
Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 17544 |
| return true; | ||
| } | ||
|
|
||
| resetService(unitName); |
There was a problem hiding this comment.
If the service is running (checkResult == null) but the control socket is not ready, the code falls through, calls resetService, and then skips the start block because checkResult != null is false. It then waits up to 10 seconds for a socket that will never become ready because nothing restarted the service. The service is left in a broken state.
Signed-off-by: Abhishek Kumar <[email protected]>
Signed-off-by: Abhishek Kumar <[email protected]>
Signed-off-by: Abhishek Kumar <[email protected]>
Signed-off-by: Abhishek Kumar <[email protected]>
|
@blueorangutan package |
|
@shwstppr a [SL] Jenkins job has been kicked to build packages. It will be bundled with no SystemVM templates. I'll keep you posted as I make progress. |
|
Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 17647 |
Signed-off-by: Abhishek Kumar <[email protected]>
|
@blueorangutan test |
|
@shwstppr a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests |
|
This pull request has merge conflicts. Dear author, please fix the conflicts and sync your branch with the base branch. |
Signed-off-by: Abhishek Kumar <[email protected]>
Signed-off-by: Abhishek Kumar <[email protected]>
Signed-off-by: Abhishek Kumar <[email protected]>
|
[SF] Trillian test result (tid-15987)
|
|
@blueorangutan package |
|
@shwstppr a [SL] Jenkins job has been kicked to build packages. It will be bundled with no SystemVM templates. I'll keep you posted as I make progress. |
shwstppr
changed the title
|
Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 17665 |
| # Enable TLS for image server transfers. The keys are read from: | ||
| # cert file = /etc/cloudstack/agent/cloud.crt | ||
| # key file = /etc/cloudstack/agent/cloud.key | ||
| image.server.tls.enabled=true |
There was a problem hiding this comment.
@shwstppr
is /etc/cloudstack/agent/cloud.ca.crt used ?
There was a problem hiding this comment.
@abh1sar can tell better but I think yes we use cloud certificates for image server.
To the Veeam worker VM, we just pass the Root CA from the MS
There was a problem hiding this comment.
that's right. Is it ok to show the file names?
| import com.cloud.utils.EnumUtils; | ||
|
|
||
| @APICommand(name = "createImageTransfer", | ||
| description = "Create image transfer for a disk in backup. This API is intended for testing only and is disabled by default.", |
There was a problem hiding this comment.
This API is intended for testing only and is disabled by default.
this sentence exists in all APIs in this folder. is this correct ? @abh1sar
There was a problem hiding this comment.
yes Wei, I don't want to expose these APIs to end users. Only Veeam control service uses them.
But they are useful in testing. For example, we can run integration tests using these even without veeam.
Any better way to handle this?
|
|
||
| @Parameter(name = ApiConstants.FORMAT, | ||
| type = CommandType.STRING, | ||
| description = "Format of the image: cow/raw. Currently only raw is supported for download. Defaults to raw if not provided") |
There was a problem hiding this comment.
Currently only raw is supported for download
I think the image is qcow2/cow format, right ?
There was a problem hiding this comment.
yes, the description is confusing. the format here is not the disk format, but the image transfer format. I'll update the description to "Format for the image transfer: raw/cow. 'raw' will create an NBD backend. 'cow' will use the File backend. For download, only the 'raw' format is supported. Default: raw"
| import org.apache.cloudstack.context.CallContext; | ||
|
|
||
| @APICommand(name = "finalizeImageTransfer", | ||
| description = "Finalize an image transfe. This API is intended for testing only and is disabled by default.r", |
| import com.cloud.event.EventTypes; | ||
|
|
||
| @APICommand(name = "startBackup", | ||
| description = "Start a VM backup session. This API is intended for testing only and is disabled by default.", |
There was a problem hiding this comment.
startBackup is a common word.
it would be better to explain what the intention is, and what hypervisors are supported, etc.
| @@ -16,6 +16,10 @@ | |||
| // under the License. | |||
| package com.cloud.api; | |||
|
|
|||
| import static com.cloud.user.AccountManagerImpl.apiKeyAccess; | |||
| import static org.apache.cloudstack.api.ApiConstants.PASSWORD_CHANGE_REQUIRED; | |||
| import static org.apache.cloudstack.user.UserPasswordResetManager.UserPasswordResetEnabled; | |||
There was a problem hiding this comment.
are these from another PR ?
There was a problem hiding this comment.
That is just due to the reordering of imports
| @@ -10075,4 +10113,33 @@ private void setVncPasswordForKvmIfAvailable(Map<String, String> customParameter | |||
| vm.setVncPassword(customParameters.get(VmDetailConstants.KVM_VNC_PASSWORD)); | |||
| } | |||
| } | |||
|
|
|||
| protected boolean isBlankInstanceDefaultTemplate(VirtualMachineTemplate template) { | |||
| return KVM_VM_DUMMY_TEMPLATE_NAME.equals(template.getUniqueName()); | |||
There was a problem hiding this comment.
maybe rename to KVM_BLANK_VM_TEMPLATE_NAME or so
| if (!isKVMBackupExportServiceSupported(vm.getDataCenterId())) { | ||
| throw new CloudRuntimeException("Veeam-KVM integration can not be used along with the " + BackupProviderPlugin.valueIn(vm.getDataCenterId()) + | ||
| " backup provider. Either set backup.framework.enabled to false or set the Zone level config backup.framework.provider.plugin to \"dummy\"."); | ||
| } |
There was a problem hiding this comment.
this check is used in multiple locations, it would be better to extract to a new method
| 'listVmCheckpoints' : 'Backup and Recovery', | ||
| 'deleteVmCheckpoint' : 'Backup and Recovery', | ||
| 'ImageTransfer' : 'Backup and Recovery', | ||
| 'VmCheckpoint' : 'Backup and Recovery', | ||
| 'UnmanagedInstance': 'Virtual Machine', |
There was a problem hiding this comment.
maybe only the last two are needed
'ImageTransfer' : 'Backup and Recovery',
'VmCheckpoint' : 'Backup and Recovery',
| @@ -87,6 +87,7 @@ export default { | |||
| } | |||
| }, | |||
| created () { | |||
| console.log('---------------', this.$route.meta.name) | |||
Description
Design spec: https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=421954133
This PR introduces the initial implementation of Veeam integration support for KVM in CloudStack by adding a UHAPI-compatible server and image server components.
Veeam Backup & Replication interacts with virtualization platforms using its Universal Hypervisor API (UHAPI). To enable backup and restore workflows for CloudStack-managed KVM environments, this change introduces a UHAPI server that exposes CloudStack resources through a UHAPI-compatible interface.
In addition to the control plane APIs, an image server component is introduced to handle the data transfer operations required during backup and restore workflows.
Architecture
The integration consists of two main components:
A lightweight UHAPI server runs inside the CloudStack management server and exposes endpoints under:
This server provides inventory discovery APIs required by Veeam and translates CloudStack resources into the structures expected by UHAPI.
The server:
A separate image server component is introduced to handle backup and restore data transfer operations.
This component:
The separation between both these components server ensures that:
Documentation PR: apache/cloudstack-documentation#642
Co-authored by @abh1sar @weizhouapache
Types of changes
Feature/Enhancement Scale or Bug Severity
Feature/Enhancement Scale
Bug Severity
Screenshots (if appropriate):
How Has This Been Tested?
How did you try to break this feature and the system with this change?