CP-53478: Implement SSH-related APIs for Dom0 SSH control

Implemented XAPI APIs:
  - `set_ssh_enabled_timeout`
  - `set_console_idle_timeout`

These APIs allow XAPI to configure timeouts for the SSH service and idle console sessions.

Updated `records.ml` to support `host-param-set/get/list` and `pool-param-set/get/list` for SSH-related fields.

Signed-off-by: Lunfan Zhang <[email protected]>

Author: LunfanZhang

ocaml/idl/datamodel_errors.ml

@@ -2040,6 +2040,12 @@ let _ =
   error Api_errors.disable_ssh_partially_failed ["hosts"]
     ~doc:"Some of hosts failed to disable SSH access." () ;
 
+  error Api_errors.set_ssh_timeout_partially_failed ["hosts"]
+    ~doc:"Some of hosts failed to set SSH timeout." () ;
+
+  error Api_errors.set_console_timeout_partially_failed ["hosts"]
+    ~doc:"Some of hosts failed to set console timeout." () ;
+
   error Api_errors.host_driver_no_hardware ["driver variant"]
     ~doc:"No hardware present for this host driver variant" () ;
 

ocaml/xapi-cli-server/records.ml

@@ -204,6 +204,23 @@ let get_pbds_host rpc session_id pbds =
 let get_sr_host rpc session_id record =
   get_pbds_host rpc session_id record.API.sR_PBDs
 
+(** Get a field from the first host, or return a default value if the field
+    is not the same on all hosts. *)
+let get_consistent_field_or_default ~rpc ~session_id ~getter ~transform ~default
+    =
+  match Client.Host.get_all ~rpc ~session_id with
+  | [] ->
+      default
+  | h :: hs ->
+      let first_value = getter ~rpc ~session_id ~self:h |> transform in
+      let all_values =
+        List.map (fun h -> getter ~rpc ~session_id ~self:h |> transform) hs
+      in
+      if List.for_all (( = ) first_value) all_values then
+        first_value
+      else
+        default
+
 let bond_record rpc session_id bond =
   let _ref = ref bond in
   let empty_record =
@@ -1506,6 +1523,44 @@ let pool_record rpc session_id pool =
           )
           ~get_map:(fun () -> (x ()).API.pool_license_server)
           ()
+      ; make_field ~name:"ssh-enabled"
+          ~get:(fun () ->
+            get_consistent_field_or_default ~rpc ~session_id
+              ~getter:Client.Host.get_ssh_enabled ~transform:string_of_bool
+              ~default:""
+          )
+          ()
+      ; make_field ~name:"ssh-enabled-timeout"
+          ~get:(fun () ->
+            get_consistent_field_or_default ~rpc ~session_id
+              ~getter:Client.Host.get_ssh_enabled_timeout
+              ~transform:Int64.to_string ~default:""
+          )
+          ~set:(fun value ->
+            let minutes = safe_i64_of_string "ssh-enabled-timeout" value in
+            let seconds = Int64.mul minutes 60L in
+            Client.Pool.set_ssh_enabled_timeout ~rpc ~session_id ~self:pool
+              ~value:seconds
+          )
+          ()
+      ; make_field ~name:"ssh-expiry"
+          ~get:(fun () ->
+            get_consistent_field_or_default ~rpc ~session_id
+              ~getter:Client.Host.get_ssh_expiry ~transform:Date.to_rfc3339
+              ~default:""
+          )
+          ()
+      ; make_field ~name:"console-idle-timeout"
+          ~get:(fun () ->
+            get_consistent_field_or_default ~rpc ~session_id
+              ~getter:Client.Host.get_console_idle_timeout
+              ~transform:Int64.to_string ~default:""
+          )
+          ~set:(fun value ->
+            Client.Pool.set_console_idle_timeout ~rpc ~session_id ~self:pool
+              ~value:(Int64.of_string value)
+          )
+          ()
       ]
   }
 
@@ -3265,6 +3320,28 @@ let host_record rpc session_id host =
       ; make_field ~name:"last-update-hash"
           ~get:(fun () -> (x ()).API.host_last_update_hash)
           ()
+      ; make_field ~name:"ssh-enabled"
+          ~get:(fun () -> string_of_bool (x ()).API.host_ssh_enabled)
+          ()
+      ; make_field ~name:"ssh-enabled-timeout"
+          ~get:(fun () -> Int64.to_string (x ()).API.host_ssh_enabled_timeout)
+          ~set:(fun value ->
+            let minutes = safe_i64_of_string "ssh-enabled-timeout" value in
+            let seconds = Int64.mul minutes 60L in
+            Client.Host.set_ssh_enabled_timeout ~rpc ~session_id ~self:host
+              ~value:seconds
+          )
+          ()
+      ; make_field ~name:"ssh-expiry"
+          ~get:(fun () -> Date.to_rfc3339 (x ()).API.host_ssh_expiry)
+          ()
+      ; make_field ~name:"console-idle-timeout"
+          ~get:(fun () -> Int64.to_string (x ()).API.host_console_idle_timeout)
+          ~set:(fun value ->
+            Client.Host.set_console_idle_timeout ~rpc ~session_id ~self:host
+              ~value:(safe_i64_of_string "console-idle-timeout" value)
+          )
+          ()
       ]
   }
 

ocaml/xapi-consts/api_errors.ml

@@ -1420,6 +1420,12 @@ let enable_ssh_partially_failed = add_error "ENABLE_SSH_PARTIALLY_FAILED"
 
 let disable_ssh_partially_failed = add_error "DISABLE_SSH_PARTIALLY_FAILED"
 
+let set_ssh_timeout_partially_failed =
+  add_error "SET_SSH_TIMEOUT_PARTIALLY_FAILED"
+
+let set_console_timeout_partially_failed =
+  add_error "SET_CONSOLE_TIMEOUT_PARTIALLY_FAILED"
+
 let host_driver_no_hardware = add_error "HOST_DRIVER_NO_HARDWARE"
 
 let tls_verification_not_enabled_in_pool =

ocaml/xapi/xapi_host.ml

@@ -3114,26 +3114,181 @@ let emergency_clear_mandatory_guidance ~__context =
      ) ;
   Db.Host.set_pending_guidances ~__context ~self ~value:[]
 
+let remove_disable_ssh_job ~__context ~self =
+  let host_uuid = Db.Host.get_uuid ~__context ~self in
+  let task_name = Printf.sprintf "disable_ssh_for_host_%s" host_uuid in
+  Xapi_stdext_threads_scheduler.Scheduler.remove_from_queue task_name
+
+let schedule_disable_ssh_job ~__context ~self ~timeout =
+  let host_uuid = Db.Host.get_uuid ~__context ~self in
+  let task_name = Printf.sprintf "disable_ssh_for_host_%s" host_uuid in
+
+  let expiry_time =
+    match
+      Ptime.add_span (Ptime_clock.now ())
+        (Ptime.Span.of_int_s (Int64.to_int timeout))
+    with
+    | None ->
+        error "Invalid SSH timeout: %Ld" timeout ;
+        raise
+          (Api_errors.Server_error
+             (Api_errors.invalid_value, ["timeout"; Int64.to_string timeout])
+          )
+    | Some t ->
+        Ptime.to_float_s t |> Date.of_unix_time
+  in
+
+  debug "Scheduling SSH disable job for host %s with timeout %Ld" host_uuid
+    timeout ;
+
+  (* Remove any existing job first *)
+  remove_disable_ssh_job ~__context ~self ;
+
+  Xapi_stdext_threads_scheduler.Scheduler.add_to_queue task_name
+    Xapi_stdext_threads_scheduler.Scheduler.OneShot (Int64.to_float timeout)
+    (fun () ->
+      try
+        Xapi_systemctl.disable ~wait_until_success:false "sshd" ;
+        Xapi_systemctl.stop ~wait_until_success:false "sshd" ;
+        Db.Host.set_ssh_enabled ~__context ~self ~value:false ;
+        debug "Successfully disabled SSH for host %s" host_uuid
+      with e ->
+        error "Failed to disable SSH for host %s: %s" host_uuid
+          (Printexc.to_string e)
+  ) ;
+
+  Db.Host.set_ssh_expiry ~__context ~self ~value:expiry_time
+
 let enable_ssh ~__context ~self =
   try
+    debug "Enabling SSH for host %s" (Db.Host.get_uuid ~__context ~self) ;
+
     Xapi_systemctl.enable ~wait_until_success:false "sshd" ;
-    Xapi_systemctl.start ~wait_until_success:false "sshd"
-  with _ ->
+    Xapi_systemctl.start ~wait_until_success:false "sshd" ;
+
+    let timeout = Db.Host.get_ssh_enabled_timeout ~__context ~self in
+    ( match timeout with
+    | 0L ->
+        remove_disable_ssh_job ~__context ~self
+    | t ->
+        schedule_disable_ssh_job ~__context ~self ~timeout:t
+    ) ;
+
+    Db.Host.set_ssh_enabled ~__context ~self ~value:true
+  with e ->
+    error "Failed to enable SSH on host %s: %s" (Ref.string_of self)
+      (Printexc.to_string e) ;
     raise
       (Api_errors.Server_error
-         (Api_errors.enable_ssh_failed, [Ref.string_of self])
+         ( Api_errors.enable_ssh_failed
+         , [Ref.string_of self; Printexc.to_string e]
+         )
       )
 
 let disable_ssh ~__context ~self =
   try
+    debug "Disabling SSH for host %s" (Db.Host.get_uuid ~__context ~self) ;
+
+    remove_disable_ssh_job ~__context ~self ;
+
     Xapi_systemctl.disable ~wait_until_success:false "sshd" ;
-    Xapi_systemctl.stop ~wait_until_success:false "sshd"
-  with _ ->
+    Xapi_systemctl.stop ~wait_until_success:false "sshd" ;
+    Db.Host.set_ssh_enabled ~__context ~self ~value:false ;
+
+    let expiry_time =
+      Ptime_clock.now () |> Ptime.to_float_s |> Date.of_unix_time
+    in
+    Db.Host.set_ssh_expiry ~__context ~self ~value:expiry_time
+  with e ->
+    error "Failed to disable SSH on host %s: %s" (Ref.string_of self)
+      (Printexc.to_string e) ;
     raise
       (Api_errors.Server_error
          (Api_errors.disable_ssh_failed, [Ref.string_of self])
       )
 
-let set_ssh_enabled_timeout ~__context ~self:_ ~value:_ = ()
+let set_ssh_enabled_timeout ~__context ~self ~value =
+  let validate_timeout value =
+    if value < 0L || value > 172800L then
+      raise
+        (Api_errors.Server_error
+           ( Api_errors.invalid_value
+           , [
+               "timeout"
+             ; Int64.to_string value
+             ; "must be between 0 and 2*24*60*60 seconds"
+             ]
+           )
+        )
+    else
+      value
+  in
+  let timeout = validate_timeout value in
+  debug "Setting SSH timeout for host %s to %Ld seconds"
+    (Db.Host.get_uuid ~__context ~self)
+    timeout ;
+  Db.Host.set_ssh_enabled_timeout ~__context ~self ~value:timeout ;
+  match Db.Host.get_ssh_enabled ~__context ~self with
+  | false ->
+      ()
+  | true -> (
+    match timeout with
+    | 0L ->
+        remove_disable_ssh_job ~__context ~self ;
+        Db.Host.set_ssh_expiry ~__context ~self ~value:Date.epoch
+    | t ->
+        schedule_disable_ssh_job ~__context ~self ~timeout:t ;
+        Db.Host.set_ssh_enabled_timeout ~__context ~self ~value:timeout
+  )
+
+let set_console_idle_timeout ~__context ~self ~value =
+  let validate_timeout = function
+    | timeout when timeout >= 0L ->
+        timeout
+    | timeout ->
+        raise
+          (Api_errors.Server_error
+             ( Api_errors.invalid_value
+             , [
+                 "console_timeout"
+               ; Int64.to_string timeout
+               ; "must be a positive integer"
+               ]
+             )
+          )
+  in
+
+  let console_timeout = validate_timeout value in
+  let bashrc = "/root/.bashrc" in
 
-let set_console_idle_timeout ~__context ~self:_ ~value:_ = ()
+  try
+    let lines = Unixext.read_lines ~path:bashrc in
+    let filtered =
+      List.filter
+        (fun line -> not (String.starts_with ~prefix:"export TMOUT=" line))
+        lines
+    in
+
+    let new_lines =
+      match console_timeout with
+      | 0L ->
+          filtered
+      | timeout ->
+          filtered @ [Printf.sprintf "export TMOUT=%Ld" timeout]
+    in
+    let content = String.concat "\n" new_lines ^ "\n" in
+
+    Unixext.atomic_write_to_file bashrc 0o0644 (fun fd ->
+        Unix.write fd (Bytes.of_string content) 0 (String.length content)
+        |> ignore
+    ) ;
+
+    Db.Host.set_console_idle_timeout ~__context ~self ~value:console_timeout
+  with e ->
+    error "Failed to configure console timeout: %s" (Printexc.to_string e) ;
+    raise
+      (Api_errors.Server_error
+         ( Api_errors.set_console_idle_timeout_failed
+         , ["Failed to configure console timeout"; Printexc.to_string e]
+         )
+      )

ocaml/xapi/xapi_pool.ml

@@ -4003,12 +4003,26 @@ module Ssh = struct
   let disable ~__context ~self:_ =
     operate ~__context ~action:Client.Host.disable_ssh
       ~error:Api_errors.disable_ssh_partially_failed
+
+  let set_enabled_timeout ~__context ~self:_ ~value =
+    operate ~__context
+      ~action:(fun ~rpc ~session_id ~self ->
+        Client.Host.set_ssh_enabled_timeout ~rpc ~session_id ~self ~value
+      )
+      ~error:Api_errors.set_ssh_timeout_partially_failed
+
+  let set_console_timeout ~__context ~self:_ ~value =
+    operate ~__context
+      ~action:(fun ~rpc ~session_id ~self ->
+        Client.Host.set_console_idle_timeout ~rpc ~session_id ~self ~value
+      )
+      ~error:Api_errors.set_console_timeout_partially_failed
 end
 
 let enable_ssh = Ssh.enable
 
 let disable_ssh = Ssh.disable
 
-let set_ssh_enabled_timeout ~__context ~self:_ ~value:_ = ()
+let set_ssh_enabled_timeout = Ssh.set_enabled_timeout
 
-let set_console_idle_timeout ~__context ~self:_ ~value:_ = ()
+let set_console_idle_timeout = Ssh.set_console_timeout