Merge SSH auto-mode feature to next #6601
Add new host object fields:
- ssh_auto_mode

Add new host/pool API to enable to set auto mode
- set_ssh_auto_mode

Signed-off-by: Lunfan Zhang <[email protected]>
Implemented XAPI APIs for SSH auto mode configuration:
- `host.set_ssh_auto_mode`: Configures SSH auto mode for a specific host.
- `pool.set_ssh_auto_mode`: Configures SSH auto mode for all hosts in the pool.

Additionally:
- `host.enable_ssh` now automatically sets SSH auto mode to `false`.

Signed-off-by: Lunfan Zhang <[email protected]>
Updated `records.ml` file to support `host-param-set/get/list` and `pool-param-set/get/list` for ssh-auto-mode. Signed-off-by: Lunfan Zhang <[email protected]>
This PR introduces support for Dom0 SSH control, providing the capability to configure the auto mode for a specific host or all hosts in the pool.

New Host Object Fields and Host/Pool API:
- `ssh_auto_mode`: Indicates whether SSH auto mode is enabled. Configuring it to true means SSH is started when the XAPI service is down and stopped when the XAPI service is up. Configuring it to false means the SSH service status is independent and not affected by the XAPI service status.
- `set_ssh_auto_mode`: Allows setting auto mode for a specific host or all hosts in the pool.

(Note: Default value for XS8/XS9, pool join/eject operations, and XAPI startup scenarios will be addressed in the next PR; this PR only includes the change of data_mode/API/cli)
- For XS8, a configuration file (/etc/xapi.conf.d/ssh-auto-mode.conf) will be loaded, and auto_mode will be set to false.
- For XS9, no configuration file exists, so the default value will be set to true.

Signed-off-by: Lunfan Zhang[Lunfan.Zhang] <[email protected]>
- Copy auto mode setting from pool coordinator in pool join
- Restore auto mode setting to default when pool eject

Signed-off-by: Lunfan Zhang[Lunfan.Zhang] <[email protected]>
…lt Values (#6484)

This PR aims to add the following changes for auto-mode: copy the auto-mode setting from the pool coordinator during a pool join, and restore the auto-mode setting to the default value when a pool eject occurs.
- In XS8, the auto-mode is set to false by loading the config file `/etc/xapi.conf.d/ssh-auto-mode.conf`.
- In XS9, default value is set to true.
Merge master to feature branch
- Move `set_ssh_expiry` outside of the `schedule_disable_ssh_job` to avoid restart XAPI reset host.ssh_expiry
- Ensure the SSH service is enabled during auto-mode

Signed-off-by: Lunfan Zhang[Lunfan.Zhang] <[email protected]>
- Move the `set_ssh_expiry` outside of the `schedule_disable_ssh_job` to avoid restart XAPI reset host.ssh_expiry
- Ensure the SSH service is always enabled during auto-mode
…exceeds the timeout duration Signed-off-by: Lunfan Zhang[Lunfan.Zhang] <[email protected]>
…exceeds the timeout duration (#6574) When XAPI fails for an extended period that exceeds the timeout duration, it loses the original auto-mode setting that was configured before the timeout. After XAPI restarts, the auto-mode should be reset to true for security purposes.
For the following scenarios, console timeout may not reflect the real status of the database:
- XenServer upgrade to a new version
- User accidentally deletes the configuration file

Add checks to ensure database and real status are matched.

Signed-off-by: Lunfan Zhang[Lunfan.Zhang] <[email protected]>
Merge master to feature branch and resolve the following conflicts: ```ocaml $ git show db5ad7d commit db5ad7d (HEAD -> private/luzhan/sync-master-to-feature, mygithub/private/luzhan/sync-master-to-feature) Merge: d34d581 c185101 Author: Lunfan Zhang[Lunfan.Zhang] <[email protected]> Date: Mon Jul 21 08:50:26 2025 +0000 Merge master to feature branch diff --cc ocaml/idl/schematest.ml index d3914f4,7bd70cb3a..963231d --- a/ocaml/idl/schematest.ml +++ b/ocaml/idl/schematest.ml @@@ -3,7 -3,7 +3,7 @@@ let hash x = Digest.string x |> Digest. (* BEWARE: if this changes, check that schema has been bumped accordingly in ocaml/idl/datamodel_common.ml, usually schema_minor_vsn *) - let last_known_schema_hash = "a030fa0233a69a33200b628af0f030c7" -let last_known_schema_hash = "9cd32d98d092440c36617546a3d995bd" ++let last_known_schema_hash = "7586cb039918e573594fc358e90b0f04" let current_schema_hash : string = let open Datamodel_types in diff --cc ocaml/xapi/xapi_globs.ml index 14459e1,7bdd07079..ba08ad1 --- a/ocaml/xapi/xapi_globs.ml +++ b/ocaml/xapi/xapi_globs.ml @@@ -1757,12 -1758,16 +1762,22 @@@ let other_options , (fun () -> string_of_bool !validate_reusable_pool_session) , "Enable validation of reusable pool sessions before use" ) + ; ( "ssh-auto-mode" + , Arg.Bool (fun b -> ssh_auto_mode_default := b) + , (fun () -> string_of_bool !ssh_auto_mode_default) + , "Defaults to true; overridden to false via \ + /etc/xapi.conf.d/ssh-auto-mode.conf(e.g., in XenServer 8)" + ) + ; ( "vm-sysprep-enabled" + , Arg.Set vm_sysprep_enabled + , (fun () -> string_of_bool !vm_sysprep_enabled) + , "Enable VM.sysprep API" + ) + ; ( "vm-sysprep-wait" + , Arg.Set_float vm_sysprep_wait + , (fun () -> string_of_float !vm_sysprep_wait) + , "Time in seconds to wait for VM to recognise inserted CD" + ) ] (* The options can be set with the variable xapiflags in /etc/sysconfig/xapi ```
Signed-off-by: Lunfan Zhang[Lunfan.Zhang] <[email protected]>
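Review bot: In ocaml/idl/schematest.ml the resolved `last_known_schema_hash` is a new value that matches neither parent, and the comment directly above it says a hash change must be matched by a schema bump in ocaml/idl/datamodel_common.ml (usually `schema_minor_vsn`). That file does not appear in this combined diff, so please confirm the bump is present in the merged tree and that the hash was regenerated from the merged datamodel rather than picked by hand during conflict resolution.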
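Review bot: In ocaml/xapi/xapi_globs.ml the help string for "ssh-auto-mode" runs `ssh-auto-mode.conf` straight into `(e.g., in XenServer 8)` with no space, and it never says what the option controls. Since the default is true and only the drop-in file turns it off, add the space and a short clause stating that true means SSH is started while the XAPI service is down, so an operator reading the option list understands what a missing /etc/xapi.conf.d/ssh-auto-mode.conf implies for the host.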
@LunfanZhang @gangj @BengangY I said yesterday this needed a design before merging to master, why was this merged without such document?
@psafont We already have an approved internal design document, and there is a CP ticket tracking the design Doc prepare to code repo as well which will be submitted in the coming days. Maybe we should not delay the merge as Doc is not a blocker and we have schedule commitments to meet.
I know you do, but this blocks maintainers like me from reviewing code into the shared branch that is
Thank you for the clarification @psafont. We weren't aware of this change when developing this feature, I remember we don't have such limitation before and adding it now would delay our scheduled timeline. For future features, we will include documentation preparation in our PR planning to align with guidelines.
Thank you for your understanding
Pau and others in the xapi-project community do not have access to internal docs at Citrix, while they do review and maintain the code. We are in the process of becoming more "open" as an open-source project, which means that we need to start publishing designs in the open as well. However, it's a transition that takes a bit of time to adjust to for everyone involved.
Design Doc added at PR: #6608
No description provided.