Merge branch '4.20' into 4.22

Author: sureshanaparti

source/_static/images/resize-volume.png

@@ -178,7 +178,7 @@ Tuning
 .. toctree::
    :maxdepth: 4
 
-   tuning
+   tuning/tuning
 
 
 Events and Troubleshooting

source/adminguide/index.rst

@@ -216,6 +216,11 @@ Adding Ingress and Egress Rules to a Security Group
 #. Click Add.
 
 
+.. note::
+- If there is no Egress rule in a Security Group, all the outgoing traffic will be allowed
+- If there are Egress rules in a Security Group, only the outgoing traffic which match a Egress rule will be allowed
+- Only the incoming traffic which match a Ingress rule will be allowed
+
 .. |httpaccess.png| image:: /_static/images/http-access.png
    :alt: allows inbound HTTP access from anywhere.
 

source/adminguide/networking/security_groups.rst

@@ -347,14 +347,16 @@ destination" and / or "allow all ingress source" rule to the ACL.
 Afterwards traffic can be white- or blacklisted.
 
 .. note::
-    - ACL Rules in Cloudstack are stateful
-    - Source / Destination CIDRs are always external Networks
-    - ACL rules can also been seen on the virtual router of the VPC. Ingress
-      rules are listed in the table iptables table "filter" while egress rules
-      are placed in the "mangle" table
-    - ACL rules for ingress and egress are not correlating. For example a
-      egress "deny all" won't affect traffic in response to an allowed ingress
-      connection
+- ACL Rules in Cloudstack are stateful
+- Source / Destination CIDRs are always external Networks
+- ACL rules can also been seen on the virtual router of the VPC. Ingress
+  rules are listed in the table iptables table "filter" while egress rules
+  are placed in the "mangle" table
+- ACL rules for ingress and egress are not correlating. For example a
+  egress "deny all" won't affect traffic in response to an allowed ingress
+  connection
+- The incoming traffic which does not match any ACL rules will be denied
+- The outgoing traffic which does not match any ACL rules will be allowed
 
 
 Creating ACLs

source/adminguide/networking/virtual_private_cloud_config.rst

@@ -249,6 +249,14 @@ To create a new compute offering:
    -  **CPU cap**: Whether to limit the level of CPU usage even if spare
       capacity is available.
 
+      .. note::
+         On KVM hypervisor, to allow CloudStack to relinquish CPU usage control
+         entirely, set this option to false and set CPU speed to zero. Note that Instances
+         with zero CPU speed offerings should not be co-hosted with Instances using
+         non-zero CPU speed offerings, as the CPU speed value is used as a relative
+         weight (share) in the ``cputune`` section of the domain XML, and mixing zero
+         and non-zero values would skew the weighting.
+
    -  **Volatile**: If checked, Instances created from this service offering
       will have their root disks reset upon reboot. This is useful for
       secure environments that need a fresh start on every boot and for

source/adminguide/service_offerings.rst

@@ -300,6 +300,10 @@ The CloudStack will bring the device back online and attempt to start
 all guests that were running at the time of the entry into maintenance
 mode.
 
+.. note::
+   HA-Enabled Instances will also be stopped when the primary storage is put into maintenance mode.
+   It is recommended to migrate any business-critical Instances to alternate primary storage before initiating maintenance.
+
 Browsing files on a primary storage
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
@@ -941,6 +945,13 @@ Before you try to resize a volume, consider the following:
    Therefore, resize any partitions or file systems before you shrink a
    data disk so that all the data is moved off from that disk.
 
+-  In Apache CloudStack 4.20 and before, resizing volume will fail if 
+   the current storage pool does not have enough capacity for new volume size.
+   Since Apache CloudStack 4.21, it becomes possible if zone setting
+   volume.resize.allowed.beyond.allocation is set to true, and the new volume size
+   does not cross the resize threshold (pool.storage.allocated.resize.capacity.disablethreshold) of storage pool.
+   These two zone settings are configurable by ROOT admin.
+
 To resize a volume:
 
 #. Log in to the CloudStack UI as a user or admin.
@@ -957,7 +968,7 @@ To resize a volume:
 
    |resize-volume.png|
 
-   #. If you select Custom Disk, specify a custom size.
+   #. Specify a custom size.
 
    #. Click Shrink OK to confirm that you are reducing the size of a
       volume.
@@ -966,6 +977,8 @@ To resize a volume:
       which might lead to the risk of data loss. You must sign off that
       you know what you are doing.
 
+   #. Check if you wish to auto migrate volume to another storage pool if required.
+
 #. Click OK.
 
 Root Volume size defined via Service Offering

source/adminguide/storage.rst

@@ -0,0 +1,55 @@
+.. Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information#
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+   http://www.apache.org/licenses/LICENSE-2.0
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+   
+
+Disable Omit Stack Trace
+------------------------
+
+The JVM, by default stops printing some stack traces in the logs. To enable printing full stack traces at all times:
+
+#. Edit the following configuration file for the respective service to disable there and restart it:
+
+   - For cloudstack-management.service in the Management Server:
+
+      .. code:: bash
+
+         /etc/default/cloudstack-management
+
+   - For cloudstack-usage.service in the Usage Server:
+
+      .. code:: bash
+
+         /etc/default/cloudstack-usage
+
+   - For cloudstack-agent.service in the KVM Host:
+
+      .. code:: bash
+
+         /etc/default/cloudstack-agent
+
+   - For cloud.service in the SSVM:
+
+      .. code:: bash
+
+         /usr/local/cloud/systemvm/_run.sh
+
+#. Add the command-line parameter -XX:-OmitStackTraceInFastThrow to disable the omit stack trace flag in the JVM so that all
+   the stack traces are always printed on the logs. This flag is enabled by default in the JVM to omit the stack traces
+   for certain exceptions that are thrown frequently. Printing of the stack traces might impact performance, and is not
+   recommended for production, so it's better to disable this flag for troubleshooting or debugging purposes when required.
+
+   .. code:: bash
+
+      JAVA_OPTS="... -XX:-OmitStackTraceInFastThrow"

source/adminguide/tuning/disable_omit_stack_trace.rst

@@ -57,6 +57,9 @@ For more information about memory issues, see "FAQ: Memory" at `Tomcat
 Wiki. <http://wiki.apache.org/tomcat/FAQ/Memory>`_
 
 
+.. include:: disable_omit_stack_trace.rst
+
+
 Set Database Buffer Pool Size
 -----------------------------
 

source/adminguide/tuning.rst source/adminguide/tuning/tuning.rstsource/adminguide/tuning.rst renamed to source/adminguide/tuning/tuning.rst

@@ -175,6 +175,18 @@ To create an Instance from a Template:
    specified at the Instance or Template level. For an existing Instance its settings can be updated while it is in
    stopped state by admin.
 
+   **KVM**
+
+   Instances running on the KVM hypervisor with UEFI Secure Boot have disk controllers automatically enforced as following:
+
+   - Windows OS instances use SATA
+   - Non-Windows OS instances use VirtIO
+
+   Starting with 4.20.3 and later, this behavior can be overridden by setting the following template or instance detail to true:
+
+   ``skip.force.disk.controller = true``
+
+   When set to true, disk controller enforcement is skipped, and the controllers defined by template/instance details are used. If the detail is added at both template and instance level, the instance detail takes precedence.
 
 Install Required Tools and Drivers
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

source/adminguide/virtual_machines.rst

@@ -20,7 +20,7 @@
 # -- Project information -----------------------------------------------------
 
 project = 'Apache CloudStack'
-copyright = '2012-2025, Apache Foundation'
+copyright = '2012-2026, Apache Foundation'
 author = 'Apache CloudStack Project'
 
 # The short X.Y version