Merge branch 'zsv-ldap-3@@2' into 'feature-zsv-5.0.0-vm-support-vtpm-and-secuceboot'

<feature>[kvm]: add online snapshot support for VM host files

See merge request zstackio/zstack!9485

Author: gitlab

header/src/main/java/org/zstack/header/storage/snapshot/TakeVolumesSnapshotOnKvmMsg.java

@@ -2,6 +2,7 @@
 
 import org.zstack.header.host.HostMessage;
 import org.zstack.header.message.NeedReplyMessage;
+import org.zstack.header.vm.additions.VmHostFileBackupJob;
 
 import java.util.List;
 
@@ -11,6 +12,7 @@
 public class TakeVolumesSnapshotOnKvmMsg extends NeedReplyMessage implements HostMessage {
     private List<TakeSnapshotsOnKvmJobStruct> snapshotJobs;
     private String hostUuid;
+    private List<VmHostFileBackupJob> vmHostFileBackupJobs;
 
     @Override
     public String getHostUuid() {
@@ -28,4 +30,13 @@ public List<TakeSnapshotsOnKvmJobStruct> getSnapshotJobs() {
     public void setSnapshotJobs(List<TakeSnapshotsOnKvmJobStruct> snapshotJobs) {
         this.snapshotJobs = snapshotJobs;
     }
+
+    public List<VmHostFileBackupJob> getVmHostFileBackupJobs() {
+        return vmHostFileBackupJobs;
+    }
+
+    public void setVmHostFileBackupJobs(List<VmHostFileBackupJob> vmHostFileBackupJobs) {
+        this.vmHostFileBackupJobs = vmHostFileBackupJobs;
+    }
+
 }

header/src/main/java/org/zstack/header/storage/snapshot/TakeVolumesSnapshotOnKvmReply.java

@@ -9,6 +9,7 @@
  */
 public class TakeVolumesSnapshotOnKvmReply extends MessageReply {
     private List<TakeSnapshotsOnKvmResultStruct> snapshotsResults;
+    private String hostBackupTempResourceUuid;
 
     public List<TakeSnapshotsOnKvmResultStruct> getSnapshotsResults() {
         return snapshotsResults;
@@ -17,4 +18,12 @@ public List<TakeSnapshotsOnKvmResultStruct> getSnapshotsResults() {
     public void setSnapshotsResults(List<TakeSnapshotsOnKvmResultStruct> snapshotsResults) {
         this.snapshotsResults = snapshotsResults;
     }
+
+    public String getHostBackupTempResourceUuid() {
+        return hostBackupTempResourceUuid;
+    }
+
+    public void setHostBackupTempResourceUuid(String hostBackupTempResourceUuid) {
+        this.hostBackupTempResourceUuid = hostBackupTempResourceUuid;
+    }
 }

header/src/main/java/org/zstack/header/vm/additions/VmHostFileBackupJob.java

@@ -0,0 +1,36 @@
+package org.zstack.header.vm.additions;
+
+/**
+ * @author Zdream
+ * @date 2026-03-28
+ * @since 0.0.5
+ */
+public class VmHostFileBackupJob {
+    private String srcPath;
+    private String destPath;
+    private String type;
+
+    public String getSrcPath() {
+        return srcPath;
+    }
+
+    public void setSrcPath(String srcPath) {
+        this.srcPath = srcPath;
+    }
+
+    public String getDestPath() {
+        return destPath;
+    }
+
+    public void setDestPath(String destPath) {
+        this.destPath = destPath;
+    }
+
+    public String getType() {
+        return type;
+    }
+
+    public void setType(String type) {
+        this.type = type;
+    }
+}

plugin/kvm/src/main/java/org/zstack/kvm/KVMConstant.java

@@ -219,6 +219,25 @@ public static String buildPathForVmHostFileType(VmHostFileType type, String vmUu
         }
     }
 
+    public static final String NV_RAM_SNAPSHOT_BACKUP_FILE_PATH_FORMAT = "/var/lib/libvirt/qemu/nvram/%s-host-files/%s.fd.snapshot-backup";
+    public static String buildNvramSnapshotBackupFilePath(String vmUuid) {
+        return String.format(NV_RAM_SNAPSHOT_BACKUP_FILE_PATH_FORMAT, vmUuid, vmUuid);
+    }
+
+    public static final String TPM_STATE_SNAPSHOT_BACKUP_FILE_PATH_FORMAT = "/var/lib/libvirt/swtpm/%s.snapshot-backup/";
+    public static String buildTpmStateSnapshotBackupFilePath(String vmUuid) {
+        String vmUuidWithHyphen = vmUuid.replaceFirst("(\\w{8})(\\w{4})(\\w{4})(\\w{4})(\\w{12})", "$1-$2-$3-$4-$5");
+        return String.format(TPM_STATE_SNAPSHOT_BACKUP_FILE_PATH_FORMAT, vmUuidWithHyphen);
+    }
+
+    public static String buildSnapshotBackupPathForVmHostFileType(VmHostFileType type, String vmUuid) {
+        switch (type) {
+            case NvRam: return buildNvramSnapshotBackupFilePath(vmUuid);
+            case TpmState: return buildTpmStateSnapshotBackupFilePath(vmUuid);
+            default: throw new CloudRuntimeException("unsupported VmHostFileType: " + type);
+        }
+    }
+
     public static final String DHCP_BIN_FILE_PATH = "/usr/local/zstack/dnsmasq";
 
     enum KvmVmState {

plugin/kvm/src/main/java/org/zstack/kvm/efi/KvmSecureBootExtensions.java

@@ -27,6 +27,8 @@
 import org.zstack.header.tpm.entity.TpmVO_;
 import org.zstack.header.vm.DiskAO;
 import org.zstack.header.vm.PreVmInstantiateResourceExtensionPoint;
+import org.zstack.header.vm.VmInstanceVO;
+import org.zstack.header.vm.VmInstanceVO_;
 import org.zstack.header.vm.VmInstanceConstant;
 import org.zstack.header.vm.AfterReimageVmInstanceExtensionPoint;
 import org.zstack.header.vm.VmInstanceInventory;
@@ -45,6 +47,12 @@
 import org.zstack.header.vm.additions.VmHostFileType;
 import org.zstack.header.vm.additions.VmHostFileVO;
 import org.zstack.header.vm.additions.VmHostFileVO_;
+import org.zstack.header.storage.snapshot.ConsistentType;
+import org.zstack.header.storage.snapshot.CreateVolumesSnapshotOverlayInnerMsg;
+import org.zstack.header.storage.snapshot.TakeVolumesSnapshotOnKvmReply;
+import org.zstack.header.storage.snapshot.VolumeSnapshotCreationExtensionPoint;
+import org.zstack.header.storage.snapshot.VolumeSnapshotInventory;
+import org.zstack.header.storage.snapshot.group.VolumeSnapshotGroupInventory;
 import org.zstack.header.volume.VolumeInventory;
 import org.zstack.kvm.KVMAgentCommands;
 import org.zstack.kvm.KVMAgentCommands.*;
@@ -83,7 +91,8 @@ public class KvmSecureBootExtensions implements KVMStartVmExtensionPoint,
         VmPreMigrationExtensionPoint,
         AfterReimageVmInstanceExtensionPoint,
         VmReleaseResourceExtensionPoint,
-        VmInstanceMigrateExtensionPoint {
+        VmInstanceMigrateExtensionPoint,
+        VolumeSnapshotCreationExtensionPoint {
     private static final CLogger logger = Utils.getLogger(KvmSecureBootExtensions.class);
 
     @Autowired
@@ -634,4 +643,86 @@ public void run(MessageReply reply) {
             }
         });
     }
+
+    @Override
+    public void afterVolumeLiveSnapshotGroupCreatedOnBackend(CreateVolumesSnapshotOverlayInnerMsg msg,
+                                                             TakeVolumesSnapshotOnKvmReply treply,
+                                                             Completion completion) {
+        if (treply == null || !treply.isSuccess()) {
+            completion.success();
+            return;
+        }
+
+        if (!msg.isBackupHostFileIfNeeded()) {
+            completion.success();
+            return;
+        }
+
+        String vmUuid = msg.getLockedVmInstanceUuids().get(0);
+        String hostUuid = Q.New(VmInstanceVO.class)
+                .select(VmInstanceVO_.hostUuid)
+                .eq(VmInstanceVO_.uuid, vmUuid)
+                .findValue();
+
+        List<VmHostFileVO> hostFiles = Q.New(VmHostFileVO.class)
+                .eq(VmHostFileVO_.vmInstanceUuid, vmUuid)
+                .eq(VmHostFileVO_.hostUuid, hostUuid)
+                .list();
+
+        if (hostFiles.isEmpty()) {
+            completion.success();
+            return;
+        }
+
+        String tempResourceUuid = Platform.getUuid();
+
+        SyncVmHostFilesFromHostMsg syncMsg = new SyncVmHostFilesFromHostMsg();
+        syncMsg.setVmUuid(vmUuid);
+        syncMsg.setHostUuid(hostUuid);
+
+        for (VmHostFileVO file : hostFiles) {
+            if (file.getType() == VmHostFileType.NvRam) {
+                syncMsg.setNvRamPath(buildNvramSnapshotBackupFilePath(vmUuid));
+            } else if (file.getType() == VmHostFileType.TpmState) {
+                syncMsg.setTpmStateFolder(buildTpmStateSnapshotBackupFilePath(vmUuid));
+            }
+        }
+
+        syncMsg.setSyncReason("snapshot-group-online-backup");
+        syncMsg.setSyncToBackup(true);
+        syncMsg.setBackupResourceUuid(tempResourceUuid);
+        bus.makeLocalServiceId(syncMsg, VmInstanceConstant.SECURE_BOOT_SERVICE_ID);
+        bus.send(syncMsg, new CloudBusCallBack(completion) {
+            @Override
+            public void run(MessageReply reply) {
+                if (reply.isSuccess()) {
+                    treply.setHostBackupTempResourceUuid(tempResourceUuid);
+                    logger.debug(String.format("synced backup host files for vm[uuid:%s] to VmHostBackupFileVO[resourceUuid:%s]",
+                            vmUuid, tempResourceUuid));
+                } else {
+                    logger.warn(String.format("failed to sync backup host files for vm[uuid:%s] during online snapshot, " +
+                            "but tolerated: %s", vmUuid, reply.getError().getReadableDetails()));
+                }
+                completion.success();
+            }
+        });
+    }
+
+    @Override
+    public void afterVolumeLiveSnapshotGroupCreationFailsOnBackend(CreateVolumesSnapshotOverlayInnerMsg msg,
+                                                                    TakeVolumesSnapshotOnKvmReply treply) {
+        // No cleanup needed — backup files on agent side are ephemeral
+    }
+
+    @Override
+    public void afterVolumeSnapshotGroupCreated(VolumeSnapshotGroupInventory snapshotGroup,
+                                                 ConsistentType consistentType,
+                                                 Completion completion) {
+        completion.success();
+    }
+
+    @Override
+    public void afterVolumeSnapshotCreated(VolumeSnapshotInventory snapshot, Completion completion) {
+        completion.success();
+    }
 }