CP-53721 Implement SSH set auto mode API for Dom0 SSH control

Implemented XAPI APIs for SSH auto mode configuration:
  - `host.set_ssh_auto_mode`: Configures SSH auto mode for a specific host.
  - `pool.set_ssh_auto_mode`: Configures SSH auto mode for all hosts in the pool.

Additionally:
  - `host.enable_ssh` now automatically sets SSH auto mode to `false`.

Signed-off-by: Lunfan Zhang <[email protected]>

Author: LunfanZhang

ocaml/xapi/xapi_globs.ml

@@ -1297,6 +1297,8 @@ let job_for_disable_ssh = ref "Disable SSH"
 
 let ssh_service = ref "sshd"
 
+let ssh_monitor_service = ref "xapi-ssh-monitor"
+
 (* Fingerprint of default patch key *)
 let citrix_patch_key =
   "NERDNTUzMDMwRUMwNDFFNDI4N0M4OEVCRUFEMzlGOTJEOEE5REUyNg=="

ocaml/xapi/xapi_host.ml

@@ -3112,18 +3112,47 @@ let emergency_clear_mandatory_guidance ~__context =
      ) ;
   Db.Host.set_pending_guidances ~__context ~self ~value:[]
 
+let set_ssh_auto_mode ~__context ~self ~value =
+  debug "Setting SSH auto mode for host %s to %B"
+    (Helpers.get_localhost_uuid ())
+    value ;
+
+  Db.Host.set_ssh_auto_mode ~__context ~self ~value ;
+
+  try
+    (* When enabled, the ssh_monitor_service regularly checks XAPI status to manage SSH availability.
+       During normal operation when XAPI is running properly, SSH is automatically disabled.
+       SSH is only enabled during emergency scenarios
+       (e.g., when XAPI is down) to allow administrative access for troubleshooting. *)
+    if value then (
+      Xapi_systemctl.enable ~wait_until_success:false
+        !Xapi_globs.ssh_monitor_service ;
+      Xapi_systemctl.start ~wait_until_success:false
+        !Xapi_globs.ssh_monitor_service
+    ) else (
+      Xapi_systemctl.stop ~wait_until_success:false
+        !Xapi_globs.ssh_monitor_service ;
+      Xapi_systemctl.disable ~wait_until_success:false
+        !Xapi_globs.ssh_monitor_service
+    )
+  with e ->
+    error "Failed to configure SSH auto mode: %s" (Printexc.to_string e) ;
+    Helpers.internal_error "Failed to configure SSH auto mode: %s"
+      (Printexc.to_string e)
+
 let disable_ssh_internal ~__context ~self =
   try
     debug "Disabling SSH for host %s" (Helpers.get_localhost_uuid ()) ;
-    Xapi_systemctl.disable ~wait_until_success:false !Xapi_globs.ssh_service ;
+    if not (Db.Host.get_ssh_auto_mode ~__context ~self) then
+      Xapi_systemctl.disable ~wait_until_success:false !Xapi_globs.ssh_service ;
     Xapi_systemctl.stop ~wait_until_success:false !Xapi_globs.ssh_service ;
     Db.Host.set_ssh_enabled ~__context ~self ~value:false
   with e ->
     error "Failed to disable SSH for host %s: %s" (Ref.string_of self)
       (Printexc.to_string e) ;
     Helpers.internal_error "Failed to disable SSH: %s" (Printexc.to_string e)
 
-let schedule_disable_ssh_job ~__context ~self ~timeout =
+let schedule_disable_ssh_job ~__context ~self ~timeout ~auto_mode =
   let host_uuid = Helpers.get_localhost_uuid () in
   let expiry_time =
     match
@@ -3152,7 +3181,11 @@ let schedule_disable_ssh_job ~__context ~self ~timeout =
   Xapi_stdext_threads_scheduler.Scheduler.add_to_queue
     !Xapi_globs.job_for_disable_ssh
     Xapi_stdext_threads_scheduler.Scheduler.OneShot (Int64.to_float timeout)
-    (fun () -> disable_ssh_internal ~__context ~self
+    (fun () ->
+      disable_ssh_internal ~__context ~self ;
+      (* re-enable SSH auto mode if it was enabled before calling host.enable_ssh *)
+      if auto_mode then
+        set_ssh_auto_mode ~__context ~self ~value:true
   ) ;
 
   Db.Host.set_ssh_expiry ~__context ~self ~value:expiry_time
@@ -3161,6 +3194,10 @@ let enable_ssh ~__context ~self =
   try
     debug "Enabling SSH for host %s" (Helpers.get_localhost_uuid ()) ;
 
+    let cached_ssh_auto_mode = Db.Host.get_ssh_auto_mode ~__context ~self in
+    (* Disable SSH auto mode when SSH is enabled manually *)
+    set_ssh_auto_mode ~__context ~self ~value:false ;
+
     Xapi_systemctl.enable ~wait_until_success:false !Xapi_globs.ssh_service ;
     Xapi_systemctl.start ~wait_until_success:false !Xapi_globs.ssh_service ;
 
@@ -3171,6 +3208,7 @@ let enable_ssh ~__context ~self =
           !Xapi_globs.job_for_disable_ssh
     | t ->
         schedule_disable_ssh_job ~__context ~self ~timeout:t
+          ~auto_mode:cached_ssh_auto_mode
     ) ;
 
     Db.Host.set_ssh_enabled ~__context ~self ~value:true
@@ -3208,7 +3246,7 @@ let set_ssh_enabled_timeout ~__context ~self ~value =
           !Xapi_globs.job_for_disable_ssh ;
         Db.Host.set_ssh_expiry ~__context ~self ~value:Date.epoch
     | t ->
-        schedule_disable_ssh_job ~__context ~self ~timeout:t
+        schedule_disable_ssh_job ~__context ~self ~timeout:t ~auto_mode:false
 
 let set_console_idle_timeout ~__context ~self ~value =
   let assert_timeout_valid timeout =
@@ -3243,5 +3281,3 @@ let set_console_idle_timeout ~__context ~self ~value =
     error "Failed to configure console timeout: %s" (Printexc.to_string e) ;
     Helpers.internal_error "Failed to set console timeout: %Ld: %s" value
       (Printexc.to_string e)
-
-let set_ssh_auto_mode ~__context ~self:_ ~value:_ = ()

ocaml/xapi/xapi_host.mli

@@ -580,7 +580,11 @@ val set_console_idle_timeout :
   __context:Context.t -> self:API.ref_host -> value:int64 -> unit
 
 val schedule_disable_ssh_job :
-  __context:Context.t -> self:API.ref_host -> timeout:int64 -> unit
+     __context:Context.t
+  -> self:API.ref_host
+  -> timeout:int64
+  -> auto_mode:bool
+  -> unit
 
 val set_ssh_auto_mode :
   __context:Context.t -> self:API.ref_host -> value:bool -> unit

ocaml/xapi/xapi_periodic_scheduler_init.ml

@@ -90,6 +90,7 @@ let register ~__context =
       if Int64.compare expiry_time current_time > 0 then
         let remaining = Int64.sub expiry_time current_time in
         Xapi_host.schedule_disable_ssh_job ~__context ~self ~timeout:remaining
+          ~auto_mode:true
       (* handle the case where XAPI is not active when the SSH timeout expires *)
       else if Fe_systemctl.is_active ~service:!Xapi_globs.ssh_service then
         Xapi_host.disable_ssh ~__context ~self

ocaml/xapi/xapi_pool.ml

@@ -4071,6 +4071,13 @@ module Ssh = struct
         Client.Host.set_console_idle_timeout ~rpc ~session_id ~self ~value
       )
       ~error:Api_errors.set_console_timeout_partially_failed
+
+  let set_ssh_auto_mode ~__context ~self:_ ~value =
+    operate ~__context
+      ~action:(fun ~rpc ~session_id ~self ->
+        Client.Host.set_ssh_auto_mode ~rpc ~session_id ~self ~value
+      )
+      ~error:Api_errors.set_ssh_auto_mode_partially_failed
 end
 
 let enable_ssh = Ssh.enable
@@ -4081,4 +4088,4 @@ let set_ssh_enabled_timeout = Ssh.set_enabled_timeout
 
 let set_console_idle_timeout = Ssh.set_console_timeout
 
-let set_ssh_auto_mode ~__context ~self:_ ~value:_ = ()
+let set_ssh_auto_mode = Ssh.set_ssh_auto_mode