Skip to content

Backports for UPD-1009 / CP-50580 #5935

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 8 commits into from
Aug 14, 2024
Merged

Backports for UPD-1009 / CP-50580 #5935

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
f0afe95
CA-394169: Allow task to have permissions on itself
Jun 18, 2024
32cd15f
CA-394169: Allow task to have permissions on itself - backport
GabrielBuica Jun 18, 2024
3b85b7a
CA-394444: Update task cancellation in `message_forwarding.ml`
GabrielBuica Jun 18, 2024
7e01f00
CA-394444: Update `vm_operation_table`
GabrielBuica Jun 18, 2024
c014291
CA-395174: Try to unarchive VM's metrics when they aren't running
psafont Jul 8, 2024
da92725
CA-395174: Try to unarchive VM's metrics when they aren't running
psafont Jul 8, 2024
a6b658d
CA-395174: rrdd_proxy: Change *_at to specify the IP address
psafont Jul 8, 2024
41474a7
CA-395174: rrdd_proxy: Use Option to encode where VMs might be availa…
psafont Jul 8, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions ocaml/xapi-cli-server/record_util.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,7 @@ let vm_operation_table =
; (`changing_NVRAM, "changing_NVRAM")
; (`start, "start")
; (`start_on, "start_on")
; (`shutdown, "shutdown")
; (`suspend, "suspend")
; (`unpause, "unpause")
; (`update_allowed_operations, "update_allowed_operations")
Expand Down
1 change: 1 addition & 0 deletions ocaml/xapi/message_forwarding.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1858,6 +1858,7 @@ functor
; `hard_reboot
; `pool_migrate
; `call_plugin
; `shutdown
; `suspend
] ;
(* If VM is actually suspended and we ask to hard_shutdown, we need to
Expand Down
30 changes: 21 additions & 9 deletions ocaml/xapi/rrdd_proxy.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,17 +77,19 @@ let get_vm_rrd_forwarder (req : Http.Request.t) (s : Unix.file_descr) _ =
Http_svr.headers s (Http.http_302_redirect url)
in
let unarchive () =
let req = {req with uri= Constants.rrd_unarchive_uri} in
let req = {req with m= Post; uri= Constants.rrd_unarchive_uri} in
ignore
(Xapi_services.hand_over_connection req s
!Rrd_interface.forwarded_path
)
in
let unavailable () =
Http_svr.headers s (Http.http_503_service_unavailable ())
in
(* List of conditions involved. *)
let is_unarchive_request =
List.mem_assoc Constants.rrd_unarchive query
in
let is_master = Pool_role.is_master () in
let is_owner_online owner = Db.is_valid_ref __context owner in
let is_xapi_initialising = List.mem_assoc "dbsync" query in
(* The logic. *)
Expand All @@ -99,15 +101,25 @@ let get_vm_rrd_forwarder (req : Http.Request.t) (s : Unix.file_descr) _ =
let owner = Db.VM.get_resident_on ~__context ~self:vm_ref in
let owner_uuid = Ref.string_of owner in
let is_owner_localhost = owner_uuid = localhost_uuid in
if is_owner_localhost then
if is_master then
let owner_is_available =
is_owner_online owner && not is_xapi_initialising
in
match
(Pool_role.get_role (), is_owner_localhost, owner_is_available)
with
| (Master | Slave _), false, true ->
(* VM is running elsewhere *)
read_at_owner owner
| Master, true, _ | Master, false, false ->
(* VM running on node, or not running at all. *)
unarchive ()
else
| Slave _, true, _ | Slave _, _, false ->
(* Coordinator knows best *)
unarchive_at_master ()
else if is_owner_online owner && not is_xapi_initialising then
read_at_owner owner
else
unarchive_at_master ()
| Broken, _, _ ->
info "%s: host is broken, VM's metrics are not available"
"get_vm_rrd_forwarder" ;
unavailable ()
)

(* Forward the request for host RRD data to the RRDD HTTP handler. If the host
Expand Down
30 changes: 17 additions & 13 deletions ocaml/xapi/taskHelper.ml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,15 @@ let rbac_assert_permission_fn = ref None

(* required to break dep-cycle with rbac.ml *)

let are_auth_user_ids_of_sessions_equal ~__context s1 s2 =
let s1_auth_user_sid =
Db_actions.DB_Action.Session.get_auth_user_sid ~__context ~self:s1
in
let s2_auth_user_sid =
Db_actions.DB_Action.Session.get_auth_user_sid ~__context ~self:s2
in
s1_auth_user_sid = s2_auth_user_sid

let assert_op_valid ?(ok_if_no_session_in_context = false) ~__context task_id =
let assert_permission_task_op_any () =
match !rbac_assert_permission_fn with
Expand All @@ -80,19 +89,14 @@ let assert_op_valid ?(ok_if_no_session_in_context = false) ~__context task_id =
| Some context_session ->
let is_own_task =
try
let task_session =
Db_actions.DB_Action.Task.get_session ~__context ~self:task_id
in
let task_auth_user_sid =
Db_actions.DB_Action.Session.get_auth_user_sid ~__context
~self:task_session
in
let context_auth_user_sid =
Db_actions.DB_Action.Session.get_auth_user_sid ~__context
~self:context_session
in
(*debug "task_auth_user_sid=%s,context_auth_user_sid=%s" task_auth_user_sid context_auth_user_sid;*)
task_auth_user_sid = context_auth_user_sid
(* If the task id is the same as the context's task id, we don't need
to go theough their respective sessions.*)
match Context.get_task_id __context = task_id with
| true ->
true
| false ->
are_auth_user_ids_of_sessions_equal ~__context context_session
(Db_actions.DB_Action.Task.get_session ~__context ~self:task_id)
with e ->
debug "assert_op_valid: %s" (ExnHelper.string_of_exn e) ;
false
Expand Down
Loading