Merge pull request #795 from jschoiRR/diplo-2026

[Mold Diplo] 보안그룹(SG) 적용되 nic가 가상머신에서 제거 후 남아있는 매핑 데이터 제거, 이미지 업로드 시 읽기전용 2차스토리지에 업로드 되는 이슈 기능 수정(읽고/쓰기 2차스토리지만 업로드 되도록)

Author: jschoiRR

engine/orchestration/src/main/java/com/cloud/vm/VirtualMachineManagerImpl.java

@@ -4702,6 +4702,7 @@ private boolean orchestrateRemoveNicFromVm(final VirtualMachine vm, final Nic ni
 
         _networkMgr.removeNic(vmProfile, nic);
         _nicsDao.remove(nic.getId());
+        cleanupSecurityGroupMappingsIfNeeded(vmVO);
         return true;
     }
 
@@ -4777,13 +4778,26 @@ private boolean orchestrateRemoveVmFromNetwork(final VirtualMachine vm, final Ne
             logger.debug("Successfully released nic {} for vm {}", nic, vm);
 
             _networkMgr.removeNic(vmProfile, nic);
+            cleanupSecurityGroupMappingsIfNeeded(vmVO);
             return true;
         } finally {
             _nicsDao.releaseFromLockTable(lock.getId());
             logger.debug("Lock is released for nic {} as a part of remove vm {} from network {}", lock, vm, network);
         }
     }
 
+    private void cleanupSecurityGroupMappingsIfNeeded(final VMInstanceVO vm) {
+        if (vm == null || vm.getType() != VirtualMachine.Type.User || _securityGroupManager.isVmSecurityGroupEnabled(vm.getId())) {
+            return;
+        }
+
+        final UserVmVO userVm = _userVmDao.findById(vm.getId());
+        if (userVm != null) {
+            logger.debug("Removing stale security group mappings for VM {} after NIC removal left no security-group-enabled networks.", vm);
+            _securityGroupManager.removeInstanceFromGroups(userVm);
+        }
+    }
+
     @Override
     public void findHostAndMigrate(final String vmUuid, final Long newSvcOfferingId, final Map<String, String> customParameters, final ExcludeList excludes) throws InsufficientCapacityException, ConcurrentOperationException,
     ResourceUnavailableException {

server/src/main/java/com/cloud/template/HypervisorTemplateAdapter.java

@@ -300,13 +300,29 @@ protected void createTemplateWithinZones(TemplateProfile profile, VMTemplateVO t
     }
 
     protected List<DataStore> getImageStoresThrowsExceptionIfNotFound(long zoneId, TemplateProfile profile) {
-        List<DataStore> imageStores = storeMgr.getImageStoresByZoneIds(zoneId);
+        List<DataStore> imageStores = storeMgr.getImageStoresByScopeExcludingReadOnly(new ZoneScope(zoneId));
         if (imageStores == null || imageStores.size() == 0) {
             throw new CloudRuntimeException(String.format("Unable to find image store to download the template [%s].", profile.getTemplate()));
         }
         return imageStores;
     }
 
+    protected DataStore verifyHeuristicRulesForZone(VMTemplateVO template, Long zoneId) {
+        HeuristicType heuristicType;
+        if (ImageFormat.ISO.equals(template.getFormat())) {
+            heuristicType = HeuristicType.ISO;
+        } else {
+            heuristicType = HeuristicType.TEMPLATE;
+        }
+        DataStore imageStore = heuristicRuleHelper.getImageStoreIfThereIsHeuristicRule(zoneId, heuristicType, template);
+        if (imageStore == null || isWritableImageStore(imageStore, zoneId)) {
+            return imageStore;
+        }
+
+        logger.info("Heuristic rule selected readonly image store [{}] in zone [{}]; skipping it for template upload.", imageStore, zoneId);
+        return null;
+    }
+
     protected void standardImageStoreAllocation(List<DataStore> imageStores, VMTemplateVO template) {
         Set<Long> zoneSet = new HashSet<Long>();
         Collections.shuffle(imageStores);

ui/public/locales/ko_KR.json

@@ -1791,9 +1791,9 @@
 "label.nfsserver": "NFS \uc11c\ubc84",
 "label.nic": "NIC",
 "label.nicadaptertype": "NIC \uc5b4\ub311\ud130 \uc720\ud615",
-"label.nicmultiqueuenumber": "NIC multiqueue \ubc88\ud638",
-"label.nicmultiqueuenumber.tooltip": "NIC multiqueue \ubc88\ud638\uc785\ub2c8\ub2e4. KVM\ub9cc \uc9c0\uc6d0\ud569\ub2c8\ub2e4. \"-1\" \uac12\uc740 NIC multiqueue \ubc88\ud638\uac00 \uc778\uc2a4\ud134\uc2a4\uc758 vCPU \ubc88\ud638\ub85c \uc124\uc815\ub428\uc744 \ub098\ud0c0\ub0c5\ub2c8\ub2e4.",
-"label.nicpackedvirtqueuesenabled": "NIC \uc555\ucd95 virtqueues \ud65c\uc131\ud654\ub428",
+"label.nicmultiqueuenumber": "NIC multiqueue \uc218",
+"label.nicmultiqueuenumber.tooltip": "NIC multiqueue \uc218\uc785\ub2c8\ub2e4. KVM\ub9cc \uc9c0\uc6d0\ud569\ub2c8\ub2e4. \"-1\" \uac12\uc740 NIC multiqueue \uc218\ub294 \uc778\uc2a4\ud134\uc2a4\uc758 vCPU \uc218\ub85c \uc124\uc815\ub428\uc744 \ub098\ud0c0\ub0c5\ub2c8\ub2e4.",
+"label.nicpackedvirtqueuesenabled": "NIC \uc555\ucd95 virtqueues \ud65c\uc131\ud654",
 "label.nicpackedvirtqueuesenabled.tooltip": "NIC \uc555\ucd95 virtqueues \ud65c\uc131\ud654 \uc5ec\ubd80\uc785\ub2c8\ub2e4. QEMU >= 4.2.0 \ubc0f Libvirt >= 6.3.0\uc778 KVM\ub9cc \uc9c0\uc6d0\ud569\ub2c8\ub2e4.",
 "label.nics": "NIC",
 "label.no": "\uc544\ub2c8\uc624",