CP-53711: Copy SSH settings from pool coordinator in pool join

gangj · gangj · commit a875364a9dde · 2025-04-02T17:20:13.000+08:00
During pool join, create a new host obj in the remote pool coordinator
DB with the same SSH settings as pool coordinator.

Also configure SSH service locally before xapi restart which will
persist after xapi restart.

Signed-off-by: Gang Ji &lt;gang.ji@cloud.com&gt;
diff --git a/ocaml/idl/datamodel_host.ml b/ocaml/idl/datamodel_host.ml
@@ -1300,6 +1300,41 @@ let create_params =
     ; param_release= numbered_release "24.40.0"
     ; param_default= Some (VString "")
     }
+  ; {
+      param_type= Bool
+    ; param_name= "ssh_enabled"
+    ; param_doc= "True if SSH access is enabled for the host"
+    ; param_release= numbered_release "25.14.0-next"
+    ; param_default= Some (VBool true)
+    }
+  ; {
+      param_type= Int
+    ; param_name= "ssh_enabled_timeout"
+    ; param_doc=
+        "The timeout in seconds after which SSH access will be automatically \
+         disabled (0 means never), this setting will be applied every time the \
+         SSH is enabled by XAPI"
+    ; param_release= numbered_release "25.14.0-next"
+    ; param_default= Some (VInt 0L)
+    }
+  ; {
+      param_type= DateTime
+    ; param_name= "ssh_expiry"
+    ; param_doc=
+        "The time in UTC after which the SSH access will be automatically \
+         disabled"
+    ; param_release= numbered_release "25.14.0-next"
+    ; param_default= Some (VDateTime Date.epoch)
+    }
+  ; {
+      param_type= Int
+    ; param_name= "console_idle_timeout"
+    ; param_doc=
+        "The timeout in seconds after which idle console will be automatically \
+         terminated (0 means never)"
+    ; param_release= numbered_release "25.14.0-next"
+    ; param_default= Some (VInt 0L)
+    }
   ]
 
 let create =
@@ -1312,6 +1347,12 @@ let create =
         , "Added --last_update_hash option to allow last_update_hash to be \
            kept for host joined a pool"
         )
+      ; ( Changed
+        , "25.14.0-next"
+        , "Added --ssh_enabled --ssh_enabled_timeout --ssh_expiry \
+           --console_idle_timeout options to allow them to be configured for \
+           new host"
+        )
       ]
     ~versioned_params:create_params ~doc:"Create a new host record"
     ~result:(Ref _host, "Reference to the newly created host object.")
diff --git a/ocaml/tests/common/test_common.ml b/ocaml/tests/common/test_common.ml
@@ -170,13 +170,16 @@ let make_host ~__context ?(uuid = make_uuid ()) ?(name_label = "host")
     ?(external_auth_service_name = "") ?(external_auth_configuration = [])
     ?(license_params = []) ?(edition = "free") ?(license_server = [])
     ?(local_cache_sr = Ref.null) ?(chipset_info = []) ?(ssl_legacy = false)
-    ?(last_software_update = Date.epoch) ?(last_update_hash = "") () =
+    ?(last_software_update = Date.epoch) ?(last_update_hash = "")
+    ?(ssh_enabled = true) ?(ssh_enabled_timeout = 0L) ?(ssh_expiry = Date.epoch)
+    ?(console_idle_timeout = 0L) () =
   let host =
     Xapi_host.create ~__context ~uuid ~name_label ~name_description ~hostname
       ~address ~external_auth_type ~external_auth_service_name
       ~external_auth_configuration ~license_params ~edition ~license_server
       ~local_cache_sr ~chipset_info ~ssl_legacy ~last_software_update
-      ~last_update_hash
+      ~last_update_hash ~ssh_enabled ~ssh_enabled_timeout ~ssh_expiry
+      ~console_idle_timeout
   in
   Db.Host.set_cpu_info ~__context ~self:host ~value:default_cpu_info ;
   host
diff --git a/ocaml/tests/test_host.ml b/ocaml/tests/test_host.ml
@@ -24,6 +24,8 @@ let add_host __context name =
        ~license_params:[] ~edition:"" ~license_server:[]
        ~local_cache_sr:Ref.null ~chipset_info:[] ~ssl_legacy:false
        ~last_software_update:Clock.Date.epoch ~last_update_hash:""
+       ~ssh_enabled:true ~ssh_enabled_timeout:0L ~ssh_expiry:Clock.Date.epoch
+       ~console_idle_timeout:0L
     )
 
 (* Creates an unlicensed pool with the maximum number of hosts *)
diff --git a/ocaml/xapi/dbsync_slave.ml b/ocaml/xapi/dbsync_slave.ml
@@ -59,7 +59,8 @@ let create_localhost ~__context info =
         ~external_auth_configuration:[] ~license_params:[] ~edition:""
         ~license_server:[("address", "localhost"); ("port", "27000")]
         ~local_cache_sr:Ref.null ~chipset_info:[] ~ssl_legacy:false
-        ~last_software_update:Date.epoch ~last_update_hash:""
+        ~last_software_update:Date.epoch ~last_update_hash:"" ~ssh_enabled:true
+        ~ssh_enabled_timeout:0L ~ssh_expiry:Date.epoch ~console_idle_timeout:0L
     in
     ()
 
diff --git a/ocaml/xapi/xapi_host.ml b/ocaml/xapi/xapi_host.ml
@@ -978,7 +978,8 @@ let is_host_alive ~__context ~host =
 let create ~__context ~uuid ~name_label ~name_description:_ ~hostname ~address
     ~external_auth_type ~external_auth_service_name ~external_auth_configuration
     ~license_params ~edition ~license_server ~local_cache_sr ~chipset_info
-    ~ssl_legacy:_ ~last_software_update ~last_update_hash =
+    ~ssl_legacy:_ ~last_software_update ~last_update_hash ~ssh_enabled
+    ~ssh_enabled_timeout ~ssh_expiry ~console_idle_timeout =
   (* fail-safe. We already test this on the joining host, but it's racy, so multiple concurrent
      pool-join might succeed. Note: we do it in this order to avoid a problem checking restrictions during
      the initial setup of the database *)
@@ -1042,9 +1043,8 @@ let create ~__context ~uuid ~name_label ~name_description:_ ~hostname ~address
     ~multipathing:false ~uefi_certificates:"" ~editions:[] ~pending_guidances:[]
     ~tls_verification_enabled ~last_software_update ~last_update_hash
     ~recommended_guidances:[] ~latest_synced_updates_applied:`unknown
-    ~pending_guidances_recommended:[] ~pending_guidances_full:[]
-    ~ssh_enabled:true ~ssh_enabled_timeout:0L ~ssh_expiry:Date.epoch
-    ~console_idle_timeout:0L ;
+    ~pending_guidances_recommended:[] ~pending_guidances_full:[] ~ssh_enabled
+    ~ssh_enabled_timeout ~ssh_expiry ~console_idle_timeout ;
   (* If the host we're creating is us, make sure its set to live *)
   Db.Host_metrics.set_last_updated ~__context ~self:metrics ~value:(Date.now ()) ;
   Db.Host_metrics.set_live ~__context ~self:metrics ~value:host_is_us ;
diff --git a/ocaml/xapi/xapi_host.mli b/ocaml/xapi/xapi_host.mli
@@ -130,6 +130,10 @@ val create :
   -> ssl_legacy:bool
   -> last_software_update:API.datetime
   -> last_update_hash:string
+  -> ssh_enabled:bool
+  -> ssh_enabled_timeout:int64
+  -> ssh_expiry:API.datetime
+  -> console_idle_timeout:int64
   -> [`host] Ref.t
 
 val destroy : __context:Context.t -> self:API.ref_host -> unit
diff --git a/ocaml/xapi/xapi_pool.ml b/ocaml/xapi/xapi_pool.ml
@@ -943,6 +943,38 @@ let rec create_or_get_host_on_master __context rpc session_id (host_ref, host) :
           create_or_get_sr_on_master __context rpc session_id
             (my_local_cache_sr, my_local_cache_sr_rec)
       in
+      let remote_coordinator = get_master ~rpc ~session_id in
+      let ssh_enabled =
+        Client.Host.get_ssh_enabled ~rpc ~session_id ~self:remote_coordinator
+      in
+      let ssh_enabled_timeout =
+        Client.Host.get_ssh_enabled_timeout ~rpc ~session_id
+          ~self:remote_coordinator
+      in
+      let console_idle_timeout =
+        Client.Host.get_console_idle_timeout ~rpc ~session_id
+          ~self:remote_coordinator
+      in
+      (* Configure SSH service on local host *)
+      Xapi_host.set_console_idle_timeout ~__context ~self:host_ref
+        ~value:console_idle_timeout ;
+      Xapi_host.set_ssh_enabled_timeout ~__context ~self:host_ref
+        ~value:ssh_enabled_timeout ;
+      ( match ssh_enabled with
+      | true ->
+          Xapi_host.enable_ssh ~__context ~self:host_ref
+      | false ->
+          Xapi_host.disable_ssh ~__context ~self:host_ref
+      ) ;
+      (* As ssh_expiry will be updated by host.enable_ssh and host.disable_ssh,
+         there is a corner case when the joiner's SSH state will not match SSH
+         service state in its new coordinator exactly: if the joiner joins when
+         SSH service has been enabled in the new coordinator, while not timed
+         out yet, the joiner will start SSH service with timeout
+         host.ssh_enabled_timeout, which means SSH service in the joiner will
+         be disabled later than in the new coordinator. *)
+      let ssh_expiry = Db.Host.get_ssh_expiry ~__context ~self:host_ref in
+
       debug "Creating host object on master" ;
       let ref =
         Client.Host.create ~rpc ~session_id ~uuid:my_uuid
@@ -962,7 +994,8 @@ let rec create_or_get_host_on_master __context rpc session_id (host_ref, host) :
           ~local_cache_sr ~chipset_info:host.API.host_chipset_info
           ~ssl_legacy:false
           ~last_software_update:host.API.host_last_software_update
-          ~last_update_hash:host.API.host_last_update_hash
+          ~last_update_hash:host.API.host_last_update_hash ~ssh_enabled
+          ~ssh_enabled_timeout ~ssh_expiry ~console_idle_timeout
       in
       (* Copy other-config into newly created host record: *)
       no_exn

Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,8 @@ let add_host __context name =`
`24`	`24`	`~license_params:[] ~edition:"" ~license_server:[]`
`25`	`25`	`~local_cache_sr:Ref.null ~chipset_info:[] ~ssl_legacy:false`
`26`	`26`	`~last_software_update:Clock.Date.epoch ~last_update_hash:""`
	`27`	`+ ~ssh_enabled:true ~ssh_enabled_timeout:0L ~ssh_expiry:Clock.Date.epoch`
	`28`	`+ ~console_idle_timeout:0L`
`27`	`29`	`)`
`28`	`30`
`29`	`31`	`(* Creates an unlicensed pool with the maximum number of hosts *)`