CP-49147: Reduce size of the pool record (uefi_certificates) #6182
Conversation
|
I would like to see this merged because UEFI takes up a lot of data in records. |
There was a problem hiding this comment.
Upon a second look over this PR, I am concerned about the change to "internal only". My understanding is that internal only fields affect what is seen in snapshots.
The API records manipulated internally comprise every field, but my understanding is that DB actions (generated) for get_record etc. exclude those fields (since they're typically things like related session references).
We should change the meaning of the field, but not its visibility to API users (which I fear this PR may have done accidentally).
|
I agree with @contificate. Making existing fields |
|
I'll need to find another method than |
A simpler semantics may be to make it so that overloading just works: if you specify a custom implementation, it will avoid endowing the object with implicitly-generated messages of the same name. |
|
Is this field is present on each host, with the same (large) content? So we can't simply remove the pool field completely, as it will break many things (clients and server), even when clients are not interested in the field at all. A more limited way of breaking compatibility is to change the contents of a single field, as you have done by hashing the value. I think we should leave it at that, and not try to fake the API getter of the field, which would be inconsistent with what you get back from If this makes it somehow hard for a client to get the right data, then we can still add a function to the pool class, but with a name that is different from the default getter. |
We've deprecated the per-host field though, pointing to the Pool field instead, so it is a bit awkward, not sure whether you can change them per host anymore. In fact we raise an exception if you try to set it per host, pointing you to use 'Pool.set_custom_uefi_certificates instead'. So actually one solution here would be to replace this field with the static value And normally you wouldn't have custom uefi certificates set, and just use the defaults. You can still query what the UEFI certificate actually is by quering the host object. We need to be careful that internally we don't accidentally fetch the certificate from the pool (where we only have the digest) instead of the host (where we have the real value), otherwise the VM won't actually have something valid. |
edwintorok
force-pushed
the
pr/CP-49147
branch
from
1e6f918 to
644d2f6
Compare
| ; ( Changed | ||
| , "25.6.0" | ||
| , "Field replaced with a digest. You can still get the actual \ | ||
| value by calling Host.get_uefi_certificates" |
There was a problem hiding this comment.
Then we should revert the deprecation status of host.uefi_certificates.
|
Do you want to replace the contents of the field when updating the pool? |
|
There was a bug here when the host certificate was empty, the pool certificate was still set to non-empty string, that should be fixed now. I don't think we need any special upgrade code, because this seems to be called from the startup steps of XAPI on each host, so a toolstack restart suffices to get the new values. |
There was a problem hiding this comment.
Appears to have pulled in other commits, but the relevant one (ba202ba) seems like it ought to work.
edwintorok
force-pushed
the
pr/CP-49147
branch
2 times, most recently
from
2606bbd to
e862c4c
Compare
This field is very big and part of every pool.get_all_records() call (done by SM), which is currently >64KiB in size. TODO: the Changed field needs to match the (future!) tag that this will receive. Signed-off-by: Edwin Török <[email protected]>
This field is very big and part of every pool.get_all_records() call (done by SM), which is currently >64KiB in size.
TODO: the Changed field needs to match the (future!) tag that this will receive. Hence draft.