Release 0.4.0-2

Author: msinhore

firecracker.sh

@@ -0,0 +1,159 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+usage() {
+  cat <<'EOF'
+Usage: firecracker.sh <action> <payload.json> [timeout]
+
+Actions: create, start, stop, reboot, delete, status, recover, console
+EOF
+}
+
+fail() {
+  echo "{\"status\":\"error\",\"error\":\"$1\"}"
+  exit 1
+}
+
+[[ $# -lt 2 ]] && { usage; fail "Missing action or payload file"; }
+
+ACTION="$1"
+PAYLOAD_FILE="$2"
+TIMEOUT="${3:-${FC_AGENT_TIMEOUT:-30}}"
+
+[[ -r "$PAYLOAD_FILE" ]] || fail "Payload file not found or unreadable"
+if ! [[ "$TIMEOUT" =~ ^[0-9]+$ ]]; then
+  fail "Timeout must be an integer"
+fi
+
+RAW_PAYLOAD="$(<"$PAYLOAD_FILE")"
+
+mapfile -t FIELDS < <(
+  jq -r '[
+      (.vm_name // ."cloudstack.vm.details".name // ."cloudstack.vm.details".uuid // "vm"),
+      (.host_url // .externaldetails.host.url // ""),
+      (.host_port // .externaldetails.host.port // .externaldetails.host.agent_port // 8000),
+      (.host_username // .externaldetails.host.username // .externaldetails.host.user // .externaldetails.host.login // .username // ""),
+      (.host_password // .externaldetails.host.password // .externaldetails.host.pass // .password // ""),
+      (.host_token // .externaldetails.host.token // .externaldetails.host.agent_token // ""),
+      ((.skip_ssl_verification // .host_skip_ssl_verification // .externaldetails.host.skip_ssl_verification // "false") | ascii_downcase),
+      (.ca_bundle // .externaldetails.host.ca_bundle // .externaldetails.host.ca_cert // ""),
+      (.client_cert // .externaldetails.host.client_cert // ""),
+      (.client_key // .externaldetails.host.client_key // "")
+    ] | @tsv' <<<"$RAW_PAYLOAD"
+)
+
+IFS=$'\t' read -r VM_NAME HOST_URL HOST_PORT HOST_USERNAME HOST_PASSWORD HOST_TOKEN SKIP_VERIFY CA_BUNDLE CLIENT_CERT CLIENT_KEY <<<"${FIELDS[0]}"
+
+[[ -z "$HOST_URL" ]] && fail "host_url or externaldetails.host.url is required"
+if [[ "$VM_NAME" =~ [^A-Za-z0-9-] ]]; then
+  fail "Invalid VM name '$VM_NAME'. Only alphanumeric characters and dashes are allowed."
+fi
+
+if [[ "$HOST_URL" != *"://"* ]]; then
+  HOST_URL="http://$HOST_URL"
+  HAS_PORT=false
+else
+  authority="${HOST_URL#*://}"
+  authority="${authority%%/*}"
+  if [[ "$authority" == *:* ]]; then
+    HAS_PORT=true
+  else
+    HAS_PORT=false
+  fi
+fi
+
+BASE="${HOST_URL%/}"
+if [[ $HAS_PORT == false ]]; then
+  BASE="${BASE}:${HOST_PORT}"
+fi
+API_BASE="${BASE%/}/v1"
+
+declare -a CURL_OPTS
+CURL_OPTS=(-sS -w '\n%{http_code}')
+
+if [[ "$SKIP_VERIFY" == "true" || "$SKIP_VERIFY" == "1" ]]; then
+  CURL_OPTS+=(-k)
+fi
+if [[ -n "$CA_BUNDLE" ]]; then
+  CURL_OPTS+=(--cacert "$CA_BUNDLE")
+fi
+if [[ -n "$CLIENT_CERT" ]]; then
+  if [[ -n "$CLIENT_KEY" ]]; then
+    CURL_OPTS+=(--cert "$CLIENT_CERT" --key "$CLIENT_KEY")
+  else
+    CURL_OPTS+=(--cert "$CLIENT_CERT")
+  fi
+fi
+
+declare -a CURL_HEADERS
+CURL_HEADERS=(-H "Accept: application/json")
+if [[ -n "$HOST_TOKEN" ]]; then
+  CURL_HEADERS+=(-H "Authorization: Bearer $HOST_TOKEN")
+fi
+if [[ -n "$HOST_USERNAME" ]]; then
+  CURL_OPTS+=(-u "${HOST_USERNAME}:${HOST_PASSWORD}")
+fi
+
+call_api() {
+  local method="$1"
+  local path="$2"
+  local body="${3:-}"
+  local args=("${CURL_OPTS[@]}" -X "$method" "${CURL_HEADERS[@]}")
+  if [[ -n "$body" ]]; then
+    args+=(-H "Content-Type: application/json" -d "$body")
+  fi
+
+  local response
+  if ! response=$(curl "${args[@]}" "$API_BASE$path"); then
+    fail "HTTP request failed"
+  fi
+  local http_code="${response##*$'\n'}"
+  local body_content="${response%$'\n'$http_code}"
+
+  if [[ "$http_code" =~ ^[45] ]]; then
+    local err
+    err=$(jq -r '.error // .message // @json' <<<"$body_content" 2>/dev/null || echo "$body_content")
+    fail "Agent error ($http_code): $err"
+  fi
+
+  echo "$body_content"
+}
+
+payload_with_spec() {
+  jq -c --argjson timeout "$TIMEOUT" '{spec: ., timeout: $timeout}' "$PAYLOAD_FILE"
+}
+
+timeout_payload() {
+  jq -n --argjson timeout "$TIMEOUT" '{timeout: $timeout}'
+}
+
+case "$ACTION" in
+  create)
+    call_api POST "/vms" "$(payload_with_spec)"
+    ;;
+  start)
+    call_api POST "/vms/${VM_NAME}/start" "$(payload_with_spec)"
+    ;;
+  stop)
+    call_api POST "/vms/${VM_NAME}/stop" "$(timeout_payload)"
+    ;;
+  reboot)
+    call_api POST "/vms/${VM_NAME}/reboot" "$(timeout_payload)"
+    ;;
+  delete)
+    call_api DELETE "/vms/${VM_NAME}"
+    ;;
+  status)
+    call_api GET "/vms/${VM_NAME}/status"
+    ;;
+  recover)
+    call_api POST "/vms/${VM_NAME}/recover" "$(payload_with_spec)"
+    ;;
+  console)
+    call_api POST "/vms/${VM_NAME}/console"
+    ;;
+  *)
+    usage
+    fail "Invalid action '$ACTION'"
+    ;;
+esac

host-agent/api/handlers.py

@@ -670,12 +670,22 @@ def _safe_int(value, default):
         storage = StorageSpec(
             driver="file", volume_file=Path(storage_volume_dir) / f"{vm.name}.img"
         )
-        # Determine networking driver based on CloudStack networking configuration
-        # Default to linux-bridge-vlan for VLAN-based networking
-        net_driver = "linux-bridge-vlan"
-        net_bridge = self.agent_defaults.get("net", {}).get("host_bridge", "")
-        net_host_bridge = self.agent_defaults.get("net", {}).get("host_bridge", "")
-        net_uplink = self.agent_defaults.get("net", {}).get("uplink", "")
+        # Determine networking driver based on payload or agent defaults
+        net_defaults = self.agent_defaults.get("net", {}) or {}
+        net_payload = obj.get("net") or external_details.get("net") or {}
+
+        def _norm(value: Any, default: str = "") -> str:
+            if isinstance(value, str):
+                return value.strip()
+            if value is None:
+                return default
+            return str(value)
+
+        raw_driver = net_payload.get("driver") or net_defaults.get("driver") or "linux-bridge-vlan"
+        net_driver = _norm(raw_driver, "linux-bridge-vlan") or "linux-bridge-vlan"
+        net_bridge = _norm(net_payload.get("bridge"), net_defaults.get("bridge") or net_defaults.get("host_bridge", ""))
+        net_host_bridge = _norm(net_payload.get("host_bridge"), net_defaults.get("host_bridge", ""))
+        net_uplink = _norm(net_payload.get("uplink"), net_defaults.get("uplink", ""))
         net = NetSpec(driver=net_driver, bridge=net_bridge, nics=nics, host_bridge=net_host_bridge, uplink=net_uplink)
         return Spec(vm=vm, host=host, vmext=vmext, storage=storage, net=net)
 

host-agent/debian/changelog

@@ -1,3 +1,13 @@
+firecracker-cloudstack-agent (0.4.0-2) unstable; urgency=medium
+
+  * Fix network driver selection so CloudStack payloads/defaults can request
+    ovs-vlan instead of hardcoded linux-bridge-vlan.
+  * Improve the VNC console bridge (custom geometry, logging, color tweaks)
+    and ship a shell-based client helper (`firecracker.sh`) mirroring the
+    Proxmox extension workflow.
+
+ -- Marco Sinhoreli <msinhore@gmail.com>  Tue, 11 Nov 2025 15:00:00 +0000
+
 firecracker-cloudstack-agent (0.4.0-1) unstable; urgency=medium
 
   * Add a VNC console bridge leveraging Xvfb/xterm/x11vnc and expose it via
@@ -8,6 +18,13 @@ firecracker-cloudstack-agent (0.4.0-1) unstable; urgency=medium
     required x11vnc/xterm/xvfb packages as dependencies.
 
  -- Marco Sinhoreli <msinhore@gmail.com>  Fri, 17 Oct 2025 10:15:00 +0000
+firecracker-cloudstack-agent (0.3.2-2) unstable; urgency=medium
+
+  * Hotfix: honor `net.driver` from CloudStack payloads or agent defaults
+    instead of hardcoding linux-bridge-vlan, so ovs-vlan deployments work
+    without manual patches on v0.3.2.
+
+ -- Marco Sinhoreli <msinhore@gmail.com>  Tue, 11 Nov 2025 14:05:00 +0000
 
 firecracker-cloudstack-agent (0.3.2-1) unstable; urgency=medium