CP-53711: Apply SSH settings in joiner before update_non_vm_metadata

gangj · gangj · commit abd67037b51c · 2025-04-07T18:25:36.000+08:00
Signed-off-by: Gang Ji &lt;gang.ji@cloud.com&gt;
diff --git a/ocaml/xapi/xapi_pool.ml b/ocaml/xapi/xapi_pool.ml
@@ -955,17 +955,6 @@ let rec create_or_get_host_on_master __context rpc session_id (host_ref, host) :
         Client.Host.get_console_idle_timeout ~rpc ~session_id
           ~self:remote_coordinator
       in
-      (* Configure SSH service on local host *)
-      Xapi_host.set_console_idle_timeout ~__context ~self:host_ref
-        ~value:console_idle_timeout ;
-      Xapi_host.set_ssh_enabled_timeout ~__context ~self:host_ref
-        ~value:ssh_enabled_timeout ;
-      ( match ssh_enabled with
-      | true ->
-          Xapi_host.enable_ssh ~__context ~self:host_ref
-      | false ->
-          Xapi_host.disable_ssh ~__context ~self:host_ref
-      ) ;
       (* As ssh_expiry will be updated by host.enable_ssh and host.disable_ssh,
          there is a corner case when the joiner's SSH state will not match SSH
          service state in its new coordinator exactly: if the joiner joins when
@@ -1588,6 +1577,7 @@ let join_common ~__context ~master_address ~master_username ~master_password
         )
   in
 
+  let remote_coordinator = get_master ~rpc ~session_id in
   (* If management is on a VLAN, then get the Pool master
      management network bridge before we logout the session *)
   let pool_master_bridge, mgmt_pif =
@@ -1598,7 +1588,7 @@ let join_common ~__context ~master_address ~master_username ~master_password
     if Db.PIF.get_VLAN_master_of ~__context ~self:my_pif <> Ref.null then
       let pif =
         Client.Host.get_management_interface ~rpc ~session_id
-          ~host:(get_master ~rpc ~session_id)
+          ~host:remote_coordinator
       in
       let network = Client.PIF.get_network ~rpc ~session_id ~self:pif in
       (Some (Client.Network.get_bridge ~rpc ~session_id ~self:network), my_pif)
@@ -1688,6 +1678,38 @@ let join_common ~__context ~master_address ~master_username ~master_password
             "Unable to set the write the new pool certificates to the disk : %s"
             (ExnHelper.string_of_exn e)
       ) ;
+      ( try
+          let ssh_enabled_timeout =
+            Client.Host.get_ssh_enabled_timeout ~rpc ~session_id
+              ~self:remote_coordinator
+          in
+          let console_idle_timeout =
+            Client.Host.get_console_idle_timeout ~rpc ~session_id
+              ~self:remote_coordinator
+          in
+          (* Configure SSH service on local host to apply the settings which
+             will persisit after it joins the new pool.
+             Please note that ssh_enabled_timeout needs be set before
+             update_non_vm_metadata(), inside which ssh_expiry is queried to
+             set to host obj in remote coordinator DB.
+          *)
+          Xapi_host.set_console_idle_timeout ~__context ~self:me
+            ~value:console_idle_timeout ;
+          Xapi_host.set_ssh_enabled_timeout ~__context ~self:me
+            ~value:ssh_enabled_timeout ;
+          let ssh_enabled =
+            Client.Host.get_ssh_enabled ~rpc ~session_id
+              ~self:remote_coordinator
+          in
+          match ssh_enabled with
+          | true ->
+              Xapi_host.enable_ssh ~__context ~self:me
+          | false ->
+              Xapi_host.disable_ssh ~__context ~self:me
+        with e ->
+          error "Unable to configure SSH service on local host: %s"
+            (ExnHelper.string_of_exn e)
+      ) ;
       (* this is where we try and sync up as much state as we can
          with the master. This is "best effort" rather than
          critical; if we fail part way through this then we carry
