Support for custom SSH port for KVM hosts from the host url on add host and the configuration

[sureshanaparti]

Description

This PR support custom SSH port for KVM hosts from the host url while adding the host and the configuration 'kvm.host.discovery.ssh.port'. The port is used during

• KVM host discovery to connect to the Host during Add Host command
• Any other operations on host using SSH

Types of changes

• Breaking change (fix or feature that would cause existing functionality to change)
• New feature (non-breaking change which adds functionality)
• Bug fix (non-breaking change which fixes an issue)
• Enhancement (improves an existing feature and functionality)
• Cleanup (Code refactoring and cleanup, that may add test cases)
• Build/CI
• Test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

• Major
• Minor

Bug Severity

• BLOCKER
• Critical
• Major
• Minor
• Trivial

Screenshots (if appropriate):

How Has This Been Tested?

How did you try to break this feature and the system with this change?

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[codecov]

Codecov Report

❌ Patch coverage is 44.82759% with 16 lines in your changes missing coverage. Please review.
✅ Project coverage is 16.25%. Comparing base (ce42ce5) to head (c5b915d).
⚠️ Report is 15 commits behind head on 4.20.

Files with missing lines	Patch %	Lines
...che/cloudstack/backup/NetworkerBackupProvider.java	0.00%	8 Missing ⚠️
...rvisor/kvm/discoverer/LibvirtServerDiscoverer.java	0.00%	6 Missing ⚠️
...n/java/com/cloud/resource/ResourceManagerImpl.java	0.00%	0 Missing and 1 partial ⚠️
...rc/main/java/com/cloud/utils/ssh/SSHCmdHelper.java	0.00%	1 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##               4.20   #12571      +/-   ##
============================================
- Coverage     16.26%   16.25%   -0.01%     
+ Complexity    13428    13427       -1     
============================================
  Files          5660     5662       +2     
  Lines        499959   500165     +206     
  Branches      60707    60733      +26     
============================================
- Hits          81326    81322       -4     
- Misses       409560   409759     +199     
- Partials       9073     9084      +11     

Flag	Coverage Δ
uitests	4.15% <ø> (-0.01%)	⬇️
unittests	17.11% <44.82%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 16684

[sureshanaparti]

@blueorangutan test

[blueorangutan]

@sureshanaparti a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

[blueorangutan]

[SF] Trillian test result (tid-15362)
Environment: kvm-ol8 (x2), zone: Advanced Networking with Mgmt server ol8
Total time taken: 58847 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr12571-t15362-kvm-ol8.zip
Smoke tests completed. 141 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File

[DaanHoogland]

clgtm

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 16781

[sureshanaparti]

@blueorangutan test

[blueorangutan]

@sureshanaparti a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

[nvazquez]

Just to double check, in case the setting does not have a value on the cluster, will this method return the global set value, or the default value? It should honor the global value, only in case it is not set either, then use default value (22)

[sureshanaparti]

yes @nvazquez, when cluster config is not set, it picks from global (which is defaulted to 22).

[nvazquez]

Looks good, thanks @sureshanaparti

[nvazquez]

Should there be any check for the host hypervisor type? I think this should be only for KVM

[sureshanaparti]

this method is called for KVM hypervisor only now, anyways added check to return default ssh port as 22 for other hypervisors.

[nvazquez]

Great, thanks

[blueorangutan]

[SF] Trillian test result (tid-15428)
Environment: kvm-ol8 (x2), zone: Advanced Networking with Mgmt server ol8
Total time taken: 51023 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr12571-t15428-kvm-ol8.zip
Smoke tests completed. 141 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 16798

[nvazquez]

@blueorangutan test

[blueorangutan]

@nvazquez a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

[winterhazel]

CLGTM

[blueorangutan]

[SF] Trillian test result (tid-15439)
Environment: kvm-ol8 (x2), zone: Advanced Networking with Mgmt server ol8
Total time taken: 53900 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr12571-t15439-kvm-ol8.zip
Smoke tests completed. 141 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 16807

[kiranchavala]

LGTM

Tested manually

1. Tested the api addhost with url ip : port , the kvm host got added successfully

2026-02-16 12:50:25,538 WARN  [c.c.a.d.ParamGenericValidationWorker] (qtp1390913202-19:[ctx-fca077bb, ctx-d8ee5606]) (logid:658e4ef7) Received unknown parameters for command addHost. Unknown parameters : clustertype
2026-02-16 12:50:25,542 INFO  [c.c.r.ResourceManagerImpl] (qtp1390913202-19:[ctx-fca077bb, ctx-d8ee5606]) (logid:658e4ef7) Trying to add a new host at http://10.0.35.126:223 in data center Zone {"id": "1", "name": "kvmssh", "uuid": "52e92b81-d48c-4413-bdff-257dea9102b9"}

2. Tested the api addhost with default ssh port 22 url , the kvm host got added successfully

logs

2026-02-16 12:55:03,580 INFO  [c.c.r.ResourceManagerImpl] (qtp1390913202-18:[ctx-fbcec23e, ctx-f96519af]) (logid:babac2c9) Trying to add a new host at http://10.0.33.72 in data center Zone {"id": "1", "name": "kvmssh", "uuid": "52e92b81-d48c-4413-bdff-257dea9102b9"}

3. Set the setting at cluster level "kvm.host.discovery.ssh.port” to some 223 > but the host is running the ssh service on default 22 port

An exception is thrown by cloudstack

4. The host.ssh.port details are stored in the database

mysql> select * from host_details;
+----+---------+----------------------------------------------------+------------------------------------------------------+
| id | host_id | name                                               | value                                                |
+----+---------+----------------------------------------------------+------------------------------------------------------+
|  1 |       1 | Host.OS.Kernel.Version                             | 5.4.17-2136.309.5.1.el8uek.x86_64                    |
|  2 |       1 | com.cloud.network.Networks.RouterPrivateIpStrategy | HostLocal                                            |
|  3 |       1 | Host.OS.Version                                    | 8.6                                                  |
|  4 |       1 | host.volume.encryption                             | true                                                 |
|  5 |       1 | host.instance.conversion                           | false                                                |
|  6 |       1 | secured                                            | true                                                 |
|  7 |       1 | Host.OS                                            | Red Hat Enterprise Linux                             |
| 13 |       1 | host.uefi.enable                                   | true                                                 |
| 17 |       1 | password                                           | efdkl3cPYRqbHBZCJf9HcS2okuhCvhkoJ7yjxUEWZS/pag26msTg |
| 20 |       1 | host.ssh.port                                      | 223                                                  |
| 26 |       1 | username                                           | root                                                 |
| 27 |       4 | Host.OS.Kernel.Version                             | 5.4.17-2136.309.5.1.el8uek.x86_64                    |
| 28 |       4 | com.cloud.network.Networks.RouterPrivateIpStrategy | HostLocal                                            |
| 29 |       4 | Host.OS.Version                                    | 8.6                                                  |
| 30 |       4 | host.volume.encryption                             | true                                                 |
| 31 |       4 | host.instance.conversion                           | false                                                |
| 32 |       4 | secured                                            | true                                                 |
| 33 |       4 | Host.OS                                            | Red Hat Enterprise Linux                             |
| 39 |       4 | host.uefi.enable                                   | true                                                 |
| 43 |       4 | password                                           | s5u+ztkYJmSBRkpcH39bDLvLyhbzuBiAsZ1SnUF42jSMa+P0vV9V |
| 51 |       4 | username                                           | root                                                 |
+----+---------+----------------------------------------------------+------------------------------------------------------+
21 rows in set (0.00 sec)

5. The list host api response also contains the details of the ssh port

(localcloud) 🐱 > list hosts filter=details,
{
  "count": 4,
  "host": [
    {
      "details": {
        "Host.OS": "Red Hat Enterprise Linux",
        "Host.OS.Kernel.Version": "5.4.17-2136.309.5.1.el8uek.x86_64",
        "Host.OS.Version": "8.6",
        "com.cloud.network.Networks.RouterPrivateIpStrategy": "HostLocal",
        "host.ssh.port": "223",
        "host.uefi.enable": "true",
        "secured": "true"
      }
    },
    {},
    {},
    {
      "details": {
        "Host.OS": "Red Hat Enterprise Linux",
        "Host.OS.Kernel.Version": "5.4.17-2136.309.5.1.el8uek.x86_64",
        "Host.OS.Version": "8.6",
        "com.cloud.network.Networks.RouterPrivateIpStrategy": "HostLocal",
        "host.ssh.port": "22",
        "host.uefi.enable": "true",
        "secured": "true"
      }
    }
  ]
}

6. Performed operations on the host like all the operations succeded

Maintenance mode, migration of vm on the host , force recoonect

[weizhouapache]

looks perfect, thanks @kiranchavala

can you test (1) enable host maintenance; (2) cancel host maintenance ? if host.ssh.port is not 22.

[kiranchavala]

looks perfect, thanks @kiranchavala

can you test (1) enable host maintenance; (2) cancel host maintenance ? if host.ssh.port is not 22.

Thanks @weizhouapache Tested the maintenance related api calls and it worked fine if the host.ssh.port is not 22.