5.5.22 unified-hardware QA bug batch: 85182/85184/85190/85350

conf/db/upgrade/V5.5.18__schema.sql

@@ -173,13 +173,6 @@ CREATE TABLE IF NOT EXISTS `PhysicalServerHardwareInfoVO` (
     `cpuCores` INT DEFAULT NULL,
     `cpuArchitecture` VARCHAR(255) DEFAULT NULL,
     `totalMemoryBytes` BIGINT DEFAULT NULL,
-    `memoryModuleCount` INT DEFAULT NULL,
-    `totalDiskBytes` BIGINT DEFAULT NULL,
-    `diskCount` INT DEFAULT NULL,
-    `nicCount` INT DEFAULT NULL,
-    `gpuCount` INT DEFAULT NULL,
-    `healthStatus` VARCHAR(255) DEFAULT NULL,
-    `discoverSource` VARCHAR(255) DEFAULT NULL,
     `lastDiscoverDate` TIMESTAMP NULL DEFAULT NULL,
     `lastOpDate` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
     `createDate` TIMESTAMP NOT NULL DEFAULT '2000-01-01 00:00:00',

conf/springConfigXml/PhysicalServerManager.xml

@@ -133,4 +133,18 @@
 
     <bean id="physicalServerPathTwoOrchestrator"
           class="org.zstack.server.PhysicalServerPathTwoOrchestrator" />
+
+    <!--
+        QA gap (Confluence pageId=208903964 #2) / PRD §2.5.1: backfill
+        PhysicalServerVO.serialNumber / manufacturer / model from HostSystemTags
+        in the call-after-add-host-extension hook (chain tail), after connect has
+        written the tags. InitPhysicalServerCapacityFlow runs at chain head per
+        ADR-012 fail-loud ordering, too early to read SystemTag.
+    -->
+    <bean id="PhysicalServerKvmIdentityBackfillExtension"
+          class="org.zstack.server.PhysicalServerKvmIdentityBackfillExtension">
+        <zstack:plugin>
+            <zstack:extension interface="org.zstack.header.host.HostAddExtensionPoint" />
+        </zstack:plugin>
+    </bean>
 </beans>

conf/springConfigXml/encrypt.xml

@@ -42,6 +42,6 @@
         </zstack:plugin>
     </bean>
 
-    <bean id="PasswordConvert" class="org.zstack.core.convert.PasswordConverter" />
+    <bean id="PasswordConvert" class="org.zstack.header.core.convert.PasswordConverter" />
     <bean id="SpecialDataConverter" class="org.zstack.core.convert.SpecialDataConverter" />
 </beans>

core/src/main/java/org/zstack/core/convert/SpecialDataConverter.java

@@ -5,7 +5,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Configurable;
 import org.springframework.stereotype.Component;
-import org.zstack.core.encrypt.EncryptFacade;
+import org.zstack.header.core.convert.EncryptFacade;
 import org.zstack.core.encrypt.EncryptGlobalConfig;
 import org.zstack.header.core.encrypt.PasswordEncryptType;
 import org.zstack.utils.Utils;

core/src/main/java/org/zstack/core/encrypt/EncryptFacadeImpl.java

@@ -5,14 +5,15 @@
 import org.zstack.core.Platform;
 import org.zstack.core.componentloader.PluginRegistry;
 import org.zstack.core.config.*;
-import org.zstack.core.convert.PasswordConverter;
+import org.zstack.header.core.convert.PasswordConverter;
 import org.zstack.core.convert.SpecialDataConverter;
 import org.zstack.core.db.DatabaseFacade;
 import org.zstack.core.db.Q;
 import org.zstack.core.db.SQL;
 import org.zstack.core.db.SQLBatch;
 import org.zstack.header.Component;
 import org.zstack.header.core.encrypt.*;
+import org.zstack.header.core.convert.EncryptFacade;
 import org.zstack.header.errorcode.ErrorableValue;
 import org.zstack.header.errorcode.OperationFailureException;
 import org.zstack.header.exception.CloudRuntimeException;
@@ -76,6 +77,12 @@ public ErrorableValue<String> decrypt(String data, String algType) {
         return encryptDriver.decrypt(data, algType);
     }
 
+    @Override
+    public boolean isEncryptionDisabled() {
+        return PasswordEncryptType.None.toString()
+                .equals(EncryptGlobalConfig.ENABLE_PASSWORD_ENCRYPT.value(String.class));
+    }
+
     private String getQuerySql(List<CovertSubClass> covertSubClasses, String className, String fieldName, String uuid) {
         List<String> whereSqlList = covertSubClasses.stream()
                 .filter(subClass -> subClass.classSimpleName().equals(className) && !subClass.columnName().isEmpty())

header/src/main/java/org/zstack/header/core/convert/EncryptFacade.java

@@ -0,0 +1,40 @@
+package org.zstack.header.core.convert;
+
+import org.zstack.header.core.encrypt.EncryptEntityState;
+import org.zstack.header.core.encrypt.EncryptedFieldBundle;
+import org.zstack.header.errorcode.ErrorableValue;
+
+import java.util.List;
+
+/**
+ * Header-resident interface so header-bound entities (e.g.
+ * {@code PhysicalServerAO}) can reference the JPA
+ * {@link org.zstack.header.core.convert.PasswordConverter} without pulling in
+ * the {@code core} module (header is the upstream of core).
+ *
+ * <p>Originally lived in {@code org.zstack.core.encrypt}; moved with the
+ * {@code PasswordConverter} relocation in ZSTAC-85182.</p>
+ */
+public interface EncryptFacade {
+    String encrypt(String decryptString);
+
+    String decrypt(String encryptString);
+
+    ErrorableValue<String> encrypt(String data, String algType);
+
+    ErrorableValue<String> decrypt(String data, String algType);
+
+    void updateEncryptDataStateIfExists(String entity, String column, EncryptEntityState state);
+
+    List<EncryptedFieldBundle> getIntegrityEncryptionBundle();
+
+    List<EncryptedFieldBundle> getConfidentialityEncryptionBundle();
+
+    /**
+     * @return {@code true} when the global password-encrypt toggle is set to
+     * {@code None}; the {@link PasswordConverter} treats this as pass-through
+     * so legacy unencrypted columns stay readable. Centralised here so the
+     * converter does not need to depend on {@code core.EncryptGlobalConfig}.
+     */
+    boolean isEncryptionDisabled();
+}

core/src/main/java/org/zstack/core/convert/PasswordConverter.java → header/src/main/java/org/zstack/header/core/convert/PasswordConverter.java

@@ -1,13 +1,10 @@
-package org.zstack.core.convert;
+package org.zstack.header.core.convert;
 
 import org.apache.commons.lang.StringUtils;
 import org.springframework.beans.factory.annotation.Autowire;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Configurable;
 import org.springframework.stereotype.Component;
-import org.zstack.core.encrypt.EncryptFacade;
-import org.zstack.core.encrypt.EncryptGlobalConfig;
-import org.zstack.header.core.encrypt.PasswordEncryptType;
 import org.zstack.utils.Utils;
 import org.zstack.utils.logging.CLogger;
 
@@ -16,6 +13,13 @@
 
 /**
  * Created by kayo on 2018/9/7.
+ *
+ * <p>Relocated from {@code org.zstack.core.convert} to header in ZSTAC-85182 so
+ * header-resident entities (e.g. {@code PhysicalServerAO.oobPassword}) can
+ * apply {@code @Convert(converter = PasswordConverter.class)} directly. The
+ * gating against the global {@code enable.password.encrypt} toggle moved to
+ * {@link EncryptFacade#isEncryptionDisabled()} to keep this class free of any
+ * {@code core} import.</p>
  */
 @Component
 @Converter
@@ -32,7 +36,7 @@ public void initEncryptFacade(EncryptFacade encryptFacade){
 
     @Override
     public String convertToDatabaseColumn(String attribute) {
-        if (PasswordEncryptType.None.toString().equals(EncryptGlobalConfig.ENABLE_PASSWORD_ENCRYPT.value(String.class))) {
+        if (encryptFacade == null || encryptFacade.isEncryptionDisabled()) {
             return attribute;
         }
         if (StringUtils.isEmpty(attribute)) {
@@ -43,7 +47,7 @@ public String convertToDatabaseColumn(String attribute) {
 
     @Override
     public String convertToEntityAttribute(String dbData) {
-        if (PasswordEncryptType.None.toString().equals(EncryptGlobalConfig.ENABLE_PASSWORD_ENCRYPT.value(String.class))) {
+        if (encryptFacade == null || encryptFacade.isEncryptionDisabled()) {
             return dbData;
         }
 

header/src/main/java/org/zstack/header/server/PhysicalServerAO.java

@@ -1,5 +1,6 @@
 package org.zstack.header.server;
 
+import org.zstack.header.core.convert.PasswordConverter;
 import org.zstack.header.vo.ForeignKey;
 import org.zstack.header.vo.ForeignKey.ReferenceOption;
 import org.zstack.header.vo.ResourceVO;
@@ -70,6 +71,7 @@ public class PhysicalServerAO extends ResourceVO {
 
     @EncryptColumn
     @NoLogging
+    @Convert(converter = PasswordConverter.class)
     @Column
     private String oobPassword;
 

header/src/main/java/org/zstack/header/server/PhysicalServerHardwareDiscoveryExtensionPoint.java

@@ -80,11 +80,5 @@ interface HardwareInfoCarrier {
         void setCpuCores(Integer v);
         void setCpuArchitecture(String v);
         void setTotalMemoryBytes(Long v);
-        void setMemoryModuleCount(Integer v);
-        void setTotalDiskBytes(Long v);
-        void setDiskCount(Integer v);
-        void setNicCount(Integer v);
-        void setGpuCount(Integer v);
-        void setHealthStatus(String v);
     }
 }

header/src/main/java/org/zstack/header/server/PhysicalServerHardwareInfoVO.java

@@ -53,36 +53,6 @@ public class PhysicalServerHardwareInfoVO {
     @Column
     private Long totalMemoryBytes;
 
-    @Column
-    private Integer memoryModuleCount;
-
-    @Column
-    private Long totalDiskBytes;
-
-    @Column
-    private Integer diskCount;
-
-    @Column
-    private Integer nicCount;
-
-    @Column
-    private Integer gpuCount;
-
-    @Column
-    private String healthStatus;
-
-    /**
-     * P1-3: first-writer-wins. The first {@code discoverHardware} pass that produced any
-     * non-null carrier field writes its winning source here (per the in-pass ordering
-     * IPMI_FRU > KVM_AGENT > K8S_NODEINFO). Subsequent passes refresh data columns
-     * and {@link #lastDiscoverDate} but do NOT overwrite this value — it is a stable
-     * "who first identified this host" tag, not a churning "currently primary contributor"
-     * signal. Operators wanting per-field provenance should look at lastDiscoverDate +
-     * field-level audit (out of scope for v5.5.18).
-     */
-    @Column
-    private String discoverSource;
-
     @Column
     private Timestamp lastDiscoverDate;
 
@@ -172,62 +142,6 @@ public void setTotalMemoryBytes(Long totalMemoryBytes) {
         this.totalMemoryBytes = totalMemoryBytes;
     }
 
-    public Integer getMemoryModuleCount() {
-        return memoryModuleCount;
-    }
-
-    public void setMemoryModuleCount(Integer memoryModuleCount) {
-        this.memoryModuleCount = memoryModuleCount;
-    }
-
-    public Long getTotalDiskBytes() {
-        return totalDiskBytes;
-    }
-
-    public void setTotalDiskBytes(Long totalDiskBytes) {
-        this.totalDiskBytes = totalDiskBytes;
-    }
-
-    public Integer getDiskCount() {
-        return diskCount;
-    }
-
-    public void setDiskCount(Integer diskCount) {
-        this.diskCount = diskCount;
-    }
-
-    public Integer getNicCount() {
-        return nicCount;
-    }
-
-    public void setNicCount(Integer nicCount) {
-        this.nicCount = nicCount;
-    }
-
-    public Integer getGpuCount() {
-        return gpuCount;
-    }
-
-    public void setGpuCount(Integer gpuCount) {
-        this.gpuCount = gpuCount;
-    }
-
-    public String getHealthStatus() {
-        return healthStatus;
-    }
-
-    public void setHealthStatus(String healthStatus) {
-        this.healthStatus = healthStatus;
-    }
-
-    public String getDiscoverSource() {
-        return discoverSource;
-    }
-
-    public void setDiscoverSource(String discoverSource) {
-        this.discoverSource = discoverSource;
-    }
-
     public Timestamp getLastDiscoverDate() {
         return lastDiscoverDate;
     }

plugin/ceph/src/main/java/org/zstack/storage/ceph/CephMonAO.java

@@ -1,6 +1,6 @@
 package org.zstack.storage.ceph;
 
-import org.zstack.core.convert.PasswordConverter;
+import org.zstack.header.core.convert.PasswordConverter;
 import org.zstack.header.core.encrypt.EncryptColumn;
 import org.zstack.header.vo.ResourceVO;
 

plugin/kvm/src/main/java/org/zstack/kvm/KVMHostVO.java

@@ -1,6 +1,6 @@
 package org.zstack.kvm;
 
-import org.zstack.core.convert.PasswordConverter;
+import org.zstack.header.core.convert.PasswordConverter;
 import org.zstack.header.core.encrypt.EncryptColumn;
 import org.zstack.header.host.HostEO;
 import org.zstack.header.host.HostVO;