SUG-2795 integrate T2/T6 LB IPVS cloud changes

[MatheMatrix]

SUG-2795 integration MR for TCP IPVS LB backend.\n\nScope:\n- Integrate T2 Cloud management-plane patch on 5.5.28.\n- T6 has no Cloud-side code per integration confirmation.\n\nValidation:\n- git diff --check passed during integration.\n- Local package build produced zstack.war.\n- Live post-deploy E2E on MN 172.24.241.166 covered TCP IPVS full_nat listener create, multi backend, multi server group, weight, scheduler, metrics/status observation, backend delete and listener cleanup.\n\nNote:\n- Live environment is premium; full community zstack.war was not used for final deployment. Cloud validation used minimal loadBalancer/sdk jar replacement to avoid premium dependency mismatch.

sync from gitlab !10307

[coderabbitai]

Warning

Review limit reached

@MatheMatrix, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 57 minutes and 27 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: b79eeb14-4078-42d1-9b70-1407a28c9ff4

📥 Commits

Reviewing files that changed from the base of the PR and between 5069d12 and 6d42d62.

📒 Files selected for processing (2)

• plugin/loadBalancer/src/main/java/org/zstack/network/service/lb/APICreateLoadBalancerListenerMsgDoc_zh_cn.groovy
• plugin/virtualRouterProvider/src/main/java/org/zstack/network/service/virtualrouter/lb/VirtualRouterLoadBalancerBackend.java

Warning

.coderabbit.yaml has a parsing error

The CodeRabbit configuration file in this repository has a parsing error and default settings were used instead. Please fix the error(s) in the configuration file. You can initialize chat with CodeRabbit to get help with the configuration file.

💥 Parsing errors (1)

Could not fetch remote config from http://open.zstack.ai:20001/code-reviews/zstack-cloud.yaml: TimeoutError: The operation was aborted due to timeout

⚙️ Configuration instructions

• Please see the configuration documentation for more information.
• You can also validate your configuration using the online YAML validator.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

变更摘要

在负载均衡监听器上新增 IPVS 数据平面（dataPlane）与转发模式（forwardMode）支持，并新增健康检查超时（healthCheckTimeout）变更能力。同步重构虚拟路由后端专用 VR 查找逻辑与后端 L3 网络推导逻辑，并增加相应集成测试与数据库升级脚本。

变更详情

LB 监听器 IPVS 数据平面与健康检查超时

Layer / File(s)	Summary
常量、VO 与 Inventory 数据契约 plugin/loadBalancer/.../LoadBalancerConstants.java, LoadBalancerListenerVO.java, LoadBalancerListenerVO_.java, LoadBalancerListenerInventory.java, conf/db/upgrade/V5.5.28__schema.sql	新增 DATA_PLANE_*/FORWARD_MODE_*/HEALTH_CHECK_TIMEOUT_* 常量；LoadBalancerListenerVO 新增 data_plane/forward_mode JPA 列；Inventory 的 valueOf 仅在 TCP+IPVS 时填充两字段；SQL 升级脚本补齐存量数据默认值。
API 消息与 SDK 参数扩展 APICreateLoadBalancerListenerMsg.java, APIChangeLoadBalancerListenerMsg.java, APICreate...MsgDoc_zh_cn.groovy, APIChange...MsgDoc_zh_cn.groovy, sdk/.../CreateLoadBalancerListenerAction.java, sdk/.../ChangeLoadBalancerListenerAction.java, sdk/.../LoadBalancerListenerInventory.java	Create 消息新增 dataPlane/forwardMode 入参，Change 消息新增 healthCheckTimeout 入参；SDK Action 类与中文接口文档同步更新。
ApiInterceptor 校验逻辑重构 LoadBalancerApiInterceptor.java, LoadBalancerManagerImpl.java	创建时补全 dataPlane 默认值（haproxy），IPVS 强制 TCP+full_nat；变更时前置 healthCheckTarget 归一化；两处均引入 dataPlane 维度的健康检查协议兼容性判断；共享 LB 判断替换为考虑 SEPARATE_VR 的 helper。
LoadBalancerBase 持久化与回滚 LoadBalancerBase.java	createListener 写入 dataPlane/forwardMode；Change 消息处理新增 HEALTH_TIMEOUT 系统标签更新与失败回滚；addVmNicToListener 引入 finalProviderType 兜底。
LoadBalancerFactory 默认 ProviderType LoadBalancerFactory.java, SharedLoadBalancerFactory.java	接口新增默认方法 getDefaultProviderType()，SharedLoadBalancerFactory 覆盖返回 VyosConstants.VYOS_ROUTER_PROVIDER_TYPE。
VirtualRouter 后端重构 VirtualRouterLoadBalancerBackend.java	新增 findDedicatedLoadBalancerVirtualRouter、findBackendL3Network、getBackendL3NetworkUuids、hasBackendServers；移除 removeVmNics/removeListener 中 SEPARATE_VR 早退限制；detach 条件改为 hasBackendServers；LbTO 新增 forwardMode 并在 makeLbTOs 中填充。
集成测试与 Schema 升级测试 TcpIpvsLoadBalancerListenerApiCase.groovy, CheckSchemaUpgradeCase.groovy, TestVirtualRouterLb13.java	新增 IPVS 监听器全链路集成测试；校验 V5.5.28 SQL 升级内容；TestVirtualRouterLb13 新增 healthCheckTimeout 变更与 tag 断言。

时序图

sequenceDiagram
  participant Client
  participant LoadBalancerApiInterceptor
  participant LoadBalancerBase
  participant LoadBalancerListenerVO
  participant VirtualRouterLoadBalancerBackend

  Client->>LoadBalancerApiInterceptor: APICreateLoadBalancerListenerMsg(dataPlane, forwardMode)
  LoadBalancerApiInterceptor->>LoadBalancerApiInterceptor: 补全 dataPlane 默认值(haproxy)<br>校验 IPVS 仅支持 TCP+full_nat<br>校验健康检查协议兼容性
  LoadBalancerApiInterceptor-->>LoadBalancerBase: 通过校验
  LoadBalancerBase->>LoadBalancerListenerVO: 写入 dataPlane / forwardMode
  LoadBalancerBase->>VirtualRouterLoadBalancerBackend: refresh LB
  VirtualRouterLoadBalancerBackend->>VirtualRouterLoadBalancerBackend: findDedicatedLoadBalancerVirtualRouter<br>getBackendL3NetworkUuids
  VirtualRouterLoadBalancerBackend->>VirtualRouterLoadBalancerBackend: makeLbTOs(dataPlane, forwardMode 写入 LbTO)
  VirtualRouterLoadBalancerBackend-->>Client: RefreshLbCmd 下发

Loading

评估代码审查工作量

🎯 5 (Critical) | ⏱️ ~120 分钟

可能相关的 PR

• MatheMatrix/zstack#4336: 同样涉及 healthCheckTimeout 在 APIChangeLoadBalancerListenerMsg、LoadBalancerApiInterceptor 校验以及 LoadBalancerBase 中 HEALTH_TIMEOUT 系统标签的读写与回滚，代码层面直接重叠。

小诗

🐇 小兔跑进机房里，
IPVS 平面新开启，
full_nat 路由定乾坤，
超时检查不忘记，
专用路由找得到，
后端 L3 推得齐！

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 2.08% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	标题准确概括了本次 TCP/IPVS 负载均衡云端集成变更。
Description check	✅ Passed	描述与变更内容一致，说明了集成范围、验证方式和部署背景。
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch sync/zstackio/codex/sug-2795-integration-5.5.28

---

_{Comment @coderabbitai help to get the list of available commands.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

plugin/loadBalancer/src/main/java/org/zstack/network/service/lb/LoadBalancerFactory.java (1)

21-23: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

为新增接口方法补充 Javadoc。

这是新的扩展点，默认返回 null 的语义需要写清楚，方便实现方判断是否必须覆盖。

建议修改

+    /**
+     * Returns the fallback provider type used when no backend NIC is available.
+     *
+     * `@return` the default provider type, or {`@code` null} if this factory has no fallback provider
+     */
     default String getDefaultProviderType() {
         return null;
     }

As per path instructions, 接口方法不应有多余的修饰符（例如 public），且必须配有有效的 Javadoc 注释。

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@plugin/loadBalancer/src/main/java/org/zstack/network/service/lb/LoadBalancerFactory.java`
around lines 21 - 23, The new extension method getDefaultProviderType in
LoadBalancerFactory needs a proper Javadoc explaining that the default null
return means no default provider is specified and implementers should override
it when required. Add the Javadoc directly on this interface method, keep the
method declaration as a plain interface method without extra modifiers, and make
the null semantics explicit so implementers can decide whether overriding is
mandatory.

Source: Path instructions

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@plugin/loadBalancer/src/main/java/org/zstack/network/service/lb/APICreateLoadBalancerListenerMsgDoc_zh_cn.groovy`:
- Around line 228-247: 补全 APICreateLoadBalancerListenerMsgDoc_zh_cn.groovy
中参数定义的说明，当前 dataPlane 和 forwardMode 的 desc 为空会导致文档无法表达用途。请在生成文档的 column 配置里为
dataPlane、forwardMode 填写清晰的中文描述，并在 APICreateLoadBalancerListenerMsgDoc_zh_cn
相关参数说明中明确 dataPlane 表示的数据平面含义、forwardMode 表示的转发模式及其适用场景，确保与现有 values 枚举一致。

In
`@plugin/virtualRouterProvider/src/main/java/org/zstack/network/service/virtualrouter/lb/VirtualRouterLoadBalancerBackend.java`:
- Around line 233-249: After finding a dedicated VR via
findDedicatedLoadBalancerVirtualRouter(), return that VR immediately instead of
only validating it and falling through, because vrs may still be empty and later
addVmNics() can mis-handle it as missing. Update the logic in
VirtualRouterLoadBalancerBackend around the vr Optional handling so the
dedicated VR becomes the method result before the empty-vrs path or the
subsequent assertion is reached.
- Around line 2107-2149: The backend L3 discovery logic only returns the first
matching L3 for server IPs, which can miss additional peer L3 networks or pick
the wrong one when IPs overlap. Update findBackendL3Network() and
getBackendL3NetworkUuids() in VirtualRouterLoadBalancerBackend so they collect
all matching L3NetworkUuid values from UsedIpVO lookups instead of stopping at
the first hit. If the dedicated VR path must remain single-L3, add an explicit
validation at the VR चयन/entry point and fail fast with a clear error when
multiple backend L3s are found.

---

Nitpick comments:
In
`@plugin/loadBalancer/src/main/java/org/zstack/network/service/lb/LoadBalancerFactory.java`:
- Around line 21-23: The new extension method getDefaultProviderType in
LoadBalancerFactory needs a proper Javadoc explaining that the default null
return means no default provider is specified and implementers should override
it when required. Add the Javadoc directly on this interface method, keep the
method declaration as a plain interface method without extra modifiers, and make
the null semantics explicit so implementers can decide whether overriding is
mandatory.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 8b62a1b1-ece5-4649-9168-a17533479bf0

📥 Commits

Reviewing files that changed from the base of the PR and between 505e92f and 5069d12.

📒 Files selected for processing (21)

• conf/db/upgrade/V5.5.28__schema.sql
• plugin/loadBalancer/src/main/java/org/zstack/network/service/lb/APIChangeLoadBalancerListenerMsg.java
• plugin/loadBalancer/src/main/java/org/zstack/network/service/lb/APIChangeLoadBalancerListenerMsgDoc_zh_cn.groovy
• plugin/loadBalancer/src/main/java/org/zstack/network/service/lb/APICreateLoadBalancerListenerMsg.java
• plugin/loadBalancer/src/main/java/org/zstack/network/service/lb/APICreateLoadBalancerListenerMsgDoc_zh_cn.groovy
• plugin/loadBalancer/src/main/java/org/zstack/network/service/lb/LoadBalancerApiInterceptor.java
• plugin/loadBalancer/src/main/java/org/zstack/network/service/lb/LoadBalancerBase.java
• plugin/loadBalancer/src/main/java/org/zstack/network/service/lb/LoadBalancerConstants.java
• plugin/loadBalancer/src/main/java/org/zstack/network/service/lb/LoadBalancerFactory.java
• plugin/loadBalancer/src/main/java/org/zstack/network/service/lb/LoadBalancerListenerInventory.java
• plugin/loadBalancer/src/main/java/org/zstack/network/service/lb/LoadBalancerListenerVO.java
• plugin/loadBalancer/src/main/java/org/zstack/network/service/lb/LoadBalancerListenerVO_.java
• plugin/loadBalancer/src/main/java/org/zstack/network/service/lb/LoadBalancerManagerImpl.java
• plugin/virtualRouterProvider/src/main/java/org/zstack/network/service/virtualrouter/lb/SharedLoadBalancerFactory.java
• plugin/virtualRouterProvider/src/main/java/org/zstack/network/service/virtualrouter/lb/VirtualRouterLoadBalancerBackend.java
• sdk/src/main/java/org/zstack/sdk/ChangeLoadBalancerListenerAction.java
• sdk/src/main/java/org/zstack/sdk/CreateLoadBalancerListenerAction.java
• sdk/src/main/java/org/zstack/sdk/LoadBalancerListenerInventory.java
• test/src/test/groovy/org/zstack/test/integration/db/schema/CheckSchemaUpgradeCase.groovy
• test/src/test/groovy/org/zstack/test/integration/networkservice/provider/virtualrouter/loadbalancer/TcpIpvsLoadBalancerListenerApiCase.groovy
• test/src/test/java/org/zstack/test/lb/TestVirtualRouterLb13.java

[zstack-robot-2]

Comment from 刘德靖:

SUG-2795 integration update:

已修复并推送 zstack MR !10307 的 3 条 CodeRabbit blocker：

• 补全 dataPlane / forwardMode API 文档说明。
• 专用 VR fallback 命中后直接返回对应 VR。
• server IP backend L3 discovery 改为收集所有匹配 L3，并在需要单 L3 的 VR 创建路径显式 fail fast。

验证：

• git diff --check passed
• mvn -pl plugin/loadBalancer,plugin/virtualRouterProvider -am -DskipTests compile BUILD SUCCESS
• GitLab discussion unresolved_count=0

当前 zstack HEAD: ce4344ce6fd3af31c3b3410a098da7e9e71d4c45

剩余 completion gate：DevOps task/build 聚合结果还没找到，待补 DevOps PASS/success 证据。

[MatheMatrix]

Comment from 刘德靖:

SUG-2795 integration update:

已按要求把 zstack MR !10307 的 base/target 从 5.5.28 改为 feature-5.5.28-lb-ipvs。

当前确认：

• source: codex/sug-2795-integration-5.5.28
• target/base: feature-5.5.28-lb-ipvs
• source HEAD: 3fe5c25238a00ae013b3435e2b107d4ce1881e07
• target HEAD: 56564c1795562f41e2b5e0a958d7acb60117ce20
• MR diff: 7 files, only T2 Cloud + review-fix scope
• unresolved_count=0
• mvn -pl plugin/loadBalancer,plugin/virtualRouterProvider -am -DskipTests compile BUILD SUCCESS

剩余 completion gate：DevOps 聚合结果待补。