CP-53711: Copy SSH settings from pool coordinator in pool join#6395
Conversation
| ; param_name= "username" | ||
| ; param_doc= "The username of the remote pool" | ||
| ; param_release= numbered_release "25.6.0-next" | ||
| ; param_release= numbered_release "25.7.0" |
There was a problem hiding this comment.
Should we update these release versions when the feature branch is ready to be merged into the master branch?
There was a problem hiding this comment.
This is a fixup for merged code, not from the feature branch.
There was a problem hiding this comment.
I think it's easy to ignore changing the next to release version. Please remember do it when merging to master. BTW, there is gen_lifecycle to check datamodel_lifecycle.ml, see here. I think similar methods can be used for datamodel_pool and datamodel_host too. It can be considered in the future.
|
"...will be dropped sson." |
gangj
force-pushed
the
private/gangj/CP-53711
branch
from
bbfe5a4 to
01fe4e3
Compare
ocaml/xapi/xapi_pool.ml
Outdated
| Client.Host.get_console_idle_timeout ~rpc ~session_id | ||
| ~self:remote_coordinator | ||
| in | ||
| (* Configure SSH service parameters in local DB to setup local SSH |
There was a problem hiding this comment.
"to set up" ("setup" is a noun but you need a verb here)
| out yet, the joiner will start SSH service with timeout | ||
| host.ssh_enabled_timeout, which means SSH service in the joiner will | ||
| be disabled later than in the new coordinator. *) | ||
| let ssh_expiry = Db.Host.get_ssh_expiry ~__context ~self:host_ref in |
There was a problem hiding this comment.
The joining host is going through a reboot. What is the general policy for SSH over a reboot? If SSH was enabled before reboot, what is the state after reboot?
There was a problem hiding this comment.
The joining host will not reboot, only xapi will have a restart to finish the joining.
While a host will go through a reboot when it is ejected from a pool. And I think in current design, SSH service status will be kept after reboot:
- If SSH service is enabled without timeout or disabled, it will not change after reboot.
- If SSH service is being enabled with a timeout, after reboot, it will be enabled with remaining timeout, and be disabled after time is up.
There was a problem hiding this comment.
So the current policy is to sync the same status, including ssh_expiry, from the pool coordinator to the newly joined host. It relies on the reboot mechanism to ensure SSH is disabled eventually. Essentially, the newly joined host will follow the same process as the pool coordinator: reboot, check if the expiry time is greater than the current time, and trigger a disable.
There was a problem hiding this comment.
So the current policy is to sync the same status, including ssh_expiry, from the pool coordinator to the newly joined host.
No, ssh_expiry will be now + ssh_enabled_timeout for the new joined host as we discussed offline, pls check the code.
gangj
force-pushed
the
private/gangj/CP-53711
branch
from
01fe4e3 to
bd6c586
Compare
|
Force push to re-base to latest feature branch, which merged the latest master to fix the build failure. |
gangj
force-pushed
the
private/gangj/CP-53711
branch
from
bd6c586 to
a09a2ed
Compare
| ; param_name= "username" | ||
| ; param_doc= "The username of the remote pool" | ||
| ; param_release= numbered_release "25.6.0-next" | ||
| ; param_release= numbered_release "25.7.0" |
There was a problem hiding this comment.
I think it's easy to ignore changing the next to release version. Please remember do it when merging to master. BTW, there is gen_lifecycle to check datamodel_lifecycle.ml, see here. I think similar methods can be used for datamodel_pool and datamodel_host too. It can be considered in the future.
| ?(license_params = []) ?(edition = "free") ?(license_server = []) | ||
| ?(local_cache_sr = Ref.null) ?(chipset_info = []) ?(ssl_legacy = false) | ||
| ?(last_software_update = Date.epoch) ?(last_update_hash = "") () = | ||
| ?(last_software_update = Date.epoch) ?(last_update_hash = "") |
There was a problem hiding this comment.
Why do we add these parameters to make_host? I don't see them been used.
There was a problem hiding this comment.
They are used below: in line 181 and 182.
ocaml/xapi/xapi_pool.ml
Outdated
| Db.Host.set_ssh_enabled ~__context ~self:host_ref ~value:ssh_enabled ; | ||
| Db.Host.set_ssh_enabled_timeout ~__context ~self:host_ref | ||
| ~value:ssh_enabled_timeout ; | ||
| Db.Host.set_console_idle_timeout ~__context ~self:host_ref |
There was a problem hiding this comment.
set_console_idle_timeout also updates /root/.bashrc. Should here call the API host.set_console_idle_timeout instead of updating DB directly?
There was a problem hiding this comment.
Yes, it is clear with API call, changed to that.
| Client.Host.get_ssh_enabled ~rpc ~session_id ~self:remote_coordinator | ||
| in | ||
| let ssh_enabled_timeout = | ||
| Client.Host.get_ssh_enabled_timeout ~rpc ~session_id |
There was a problem hiding this comment.
Will Client.Host.get_ssh_enabled_timeout send API call to the remote coordinator? If so, it will send 4 times API calls. Could it just send one time API call to fetch all these 4 parameters?
There was a problem hiding this comment.
I think we can't do that without querying all the records. Or how?
There was a problem hiding this comment.
Could Client.Host.get_record work?
There was a problem hiding this comment.
That will query all the records of the host, I think it is expensive.
gangj
force-pushed
the
private/gangj/CP-53711
branch
from
a09a2ed to
30bd072
Compare
During pool join, create a new host obj in the remote pool coordinator DB with the same SSH settings as pool coordinator. Also configure SSH service locally before xapi restart which will persist after xapi restart. Signed-off-by: Gang Ji <gang.ji@cloud.com>
gangj
force-pushed
the
private/gangj/CP-53711
branch
from
30bd072 to
a875364
Compare
gangj
merged commit 6e6c0ed
into
xapi-project:feature/configure-ssh-phase2
| ( match ssh_enabled with | ||
| | true -> | ||
| Xapi_host.enable_ssh ~__context ~self:host_ref | ||
| | false -> | ||
| Xapi_host.disable_ssh ~__context ~self:host_ref | ||
| ) ; |
There was a problem hiding this comment.
This doesn't really belong here in this create_or_get_host_on_master function, where the purpose is to create a host record for joining host on the in pool's DB. It would be better to factor out these additional side effects to keep the logic clean(er).
6 participants
No description provided.