CloudStack

Understanding the sync and async phases of VM deployment. SYNC PHASE (~250ms) Client blocks here. Must complete before job ID is returned. ┌─────────────────────────────────────────────────────────────────────────┐ │ SYNC PHASE (37.044 - 37.296) ~250ms │ ├─────────────────────────────────────────────────────────────────────────┤ │ │ │ HTTP POST /deployVirtualMachine │ │ │ │ │ ▼ │ │ ┌─────────────────┐ │ │ │ Authentication │ 2FA check, CIDR validation │ │ │ Authorization │ Role check, resource permissions │ │ └────────┬────────┘ │ │ ▼ │ │ ┌─────────────────┐ │ │ │ DB Allocation │ vm_instance (Stopped), nics, volumes (Allocated) │ │ │ │ resource_count incremented │ │ └────────┬────────┘ │ │ ▼ │ │ ┌─────────────────┐ │ │ │ Submit Job │ AsyncJobManager creates job-43 │ │ └────────┬────────┘ │ │ ▼ │ │ Return: { jobid: "5dc96a21-....

Both VPCs and Isolated Networks in Apache CloudStack provide Layer-3 network isolation for user VMs, but they differ in design and use cases. Isolated Network An Isolated Network is a single, flat network with one virtual router. All VMs share the same subnet and routing domain. Key points: One subnet per network (e.g., 10.1.1.0/24). One virtual router handles NAT, DHCP, and firewall rules. No inter-tier routing; traffic is flat. Ideal for single-tier applications or quick deployments....

Snapshots in Apache CloudStack can exist at two levels — VM snapshots and volume snapshots — each serving different purposes and stored in different locations. VM Snapshots A VM snapshot is a hypervisor-level checkpoint of an entire virtual machine. It captures the VM’s disk state and optionally its memory, allowing fast rollback to a previous state. Key points: Stored on primary storage. Created quickly without full data copy. Can include memory state for live restore....

CloudStack components communicate across multiple networks and ports. Port Summary Table Source / Target Port(s) Purpose / Description User → Management Server 8080 / 8096 CloudStack UI / API Management Server ↔ Management Server 9090 / 8250 Clustered management coordination Management Server ↔ MySQL 3306 Database connection CPVM ↔ Management Server 8250 Console proxy and control communication SSVM ↔ Management Server 8250 Secondary storage operations (template, ISO, snapshot jobs) Virtual Router ↔ Management Server 3922 SSH control and configuration SSVM ↔ Secondary Storage (NFS) 111 / 2049 NFS mount and data transfer CPVM ↔ Hypervisors 22 / 443 Console proxy, authentication, and HTTPS access SSVM ↔ HTTP File Share 80 / 443 Template and ISO downloads User Browser ↔ CPVM 443 / 80 HTTPS console access for VM consoles Management Server ↔ Xen Hosts 22 / 80 / 443 Agent management, API communication Management Server ↔ KVM Hosts 22 Agent setup via SSH Management Server ↔ vCenter (ESXi) 443 vCenter API communication Virtual Router ↔ Secondary Storage 111 / 2049 Template and snapshot copy operations Accessing System VMs (CPVM / SSVM / VR) CloudStack deploys system VMs (such as CPVM, SSVM, and Virtual Routers) with an isolated link-local IP and restricted SSH access....

1. Template / ISO Download Workflow When a user registers a new ISO or template via a URL, CloudStack offloads the download job to the Secondary Storage VM (SSVM). Step Action Component 1 User hosts ISO/template on HTTP server External (public web server) 2 User registers the URL CloudStack UI / API 3 CloudStack sends download job to SSVM Management Server 4 SSVM downloads the file via HTTP/HTTPS Secondary Storage VM (SSVM) 5 SSVM writes the file to secondary storage (NFS) /export/secondary on Management Server 6 CloudStack marks the template/ISO as “Ready” CloudStack Database Textual Flow Diagram +----------------------------+ | CloudStack Management | +-------------+--------------+ | Registers Template/ISO URL | v +-----------------------+ | Secondary Storage VM | (SSVM) +-----------+-----------+ | Downloads via HTTP/HTTPS | v +------------------------+ | Secondary Storage (NFS)| | /export/secondary | +------------------------+ | v Marks Template as READY 2....