CP-53477 Update API/CLI to Support Dom0 SSH Control #6385
Conversation
…onfigure Add new host object fields: - ssh_enabled - ssh_enabled_timeout - ssh_expiry - console_idle_timeout Add new host/pool API to enable to set a temporary enabled SSH service timeout - set_ssh_enable_timeout Add new host/pool API to enable to set console timeout - set_console_timeout Signed-off-by: Lunfan Zhang <Lunfan.Zhang@cloud.com>
|
All codes are in only one commit. I would suggest split them into at least 3 commits:
|
That needs to be fixed then... |
| ~default_value:(Some (VDateTime Date.epoch)) "ssh_expiry" | ||
| "The time when SSH access will expire" | ||
| ; field ~qualifier:RW ~lifecycle:[] ~ty:Int | ||
| ~default_value:(Some (VInt 0L)) "console_idle_timeout" |
There was a problem hiding this comment.
Why do ssh_enabled_timeout and console_idle_timeout have different unit?
There was a problem hiding this comment.
From a user perspective, the SSH service timeout should be longer than the idle session timeout. Generally, users might set ssh_enabled_timeout to 30 minutes and console_idle_timeout to 600 seconds, as defined in the REQ. I assume this is reasonable.
| @@ -2368,6 +2368,29 @@ let disable_ssh = | |||
| ~params:[(Ref _host, "self", "The host")] | |||
| ~allowed_roles:_R_POOL_ADMIN () | |||
|
|
|||
| let set_ssh_enable_timeout = | |||
| call ~name:"set_ssh_enable_timeout " ~lifecycle:[] | |||
There was a problem hiding this comment.
I think the SDK failure may be caused by the blank space after set_ssh_enable_timeout ...
| @@ -2368,6 +2368,29 @@ let disable_ssh = | |||
| ~params:[(Ref _host, "self", "The host")] | |||
| ~allowed_roles:_R_POOL_ADMIN () | |||
|
|
|||
| let set_ssh_enable_timeout = | |||
| call ~name:"set_ssh_enable_timeout " ~lifecycle:[] | |||
| ~doc:"Set the SSH service enabled timeout for the host" | |||
There was a problem hiding this comment.
Is this the enable or enabled timeout? There is a contradiciton between the documentation and the name of the function.
There was a problem hiding this comment.
The original definition is set_ssh_enable_timeout, but it is conflict with the db setter for new fields ssh_enabled_timeout.
How about set_enabled_ssh_timeout or set_ssh_timeout?
| (Ref _host, "self", "The host") | ||
| ; ( Int | ||
| , "timeout" | ||
| , "The SSH enabled timeout in minutes (0 means no timeout, max 2880)" |
There was a problem hiding this comment.
Most time values are seconds in the API. So this is likely to cause errors and there is no hint in the names that this is minutes.
There was a problem hiding this comment.
Make sense, I will update to sec
| ~params: | ||
| [ | ||
| (Ref _host, "self", "The host") | ||
| ; (Int, "console_timeout", "The idle console timeout in seconds") |
There was a problem hiding this comment.
Case in point: here we use seconds.
| @@ -204,6 +204,20 @@ let get_pbds_host rpc session_id pbds = | |||
| let get_sr_host rpc session_id record = | |||
| get_pbds_host rpc session_id record.API.sR_PBDs | |||
|
|
|||
| let get_unified_field ~rpc ~session_id ~getter ~transform ~default = | |||
There was a problem hiding this comment.
What is the purpose of the function? Its semantics seem unusual. Please add documentation.
There was a problem hiding this comment.
This function iterates over specific fields retrieved from all the hosts in a pool. If all the fields have the same value, it prints that value; otherwise, it prints the default value.
There was a problem hiding this comment.
If this is about reporting, I believe the maximum should be reported. If this is about using a value, the minimum should be used. This is a security feature and I can't see the purpose of a default if values don't agree.
| @@ -3112,22 +3114,167 @@ let emergency_clear_mandatory_guidance ~__context = | |||
| ) ; | |||
| Db.Host.set_pending_guidances ~__context ~self ~value:[] | |||
|
|
|||
| let validate_timeout timeout = | |||
| if timeout < 0L || timeout > 2880L then | |||
There was a problem hiding this comment.
The maximum is 48h. It would be better expressed as 48*60. But I question that such a high timeout is even sensible. As I said before - this is the API and would prefer to keep times to seconds. The XE interface could still accept minutes.
There was a problem hiding this comment.
I discussed this with the architecture team and the PM, and we agreed to consider this limitation as acceptable for a weekend day.
and I agree to keep the time in seconds for better accuracy control, aligning with the general practices of XAPI.
| let current_time = Date.now () in | ||
|
|
||
| let expiry_time = | ||
| let current_secs = Date.to_unix_time current_time in |
There was a problem hiding this comment.
I believe this should be expressed using time spans. @psafont
There was a problem hiding this comment.
Sorry, I do not get the point, could you explain more?
There was a problem hiding this comment.
We avoid time calculations as the one above and prefer to use Ptime - but @psafont is the expert.
| Helpers.call_script "/bin/bash" ["-c"; script] |> Result.ok | ||
| | timeout -> | ||
| let script = | ||
| Printf.sprintf |
There was a problem hiding this comment.
I am not sure I like modifying a file by creating a shell script that does this - rather than doing it directly. What does the source /root/.bashrc when executed here achieve?
|
|
||
| let set_ssh_enable_timeout ~__context ~self ~timeout = | ||
| let uuid = host_uuid ~__context self in | ||
| info "Host.set_ssh_enable_timeout : host = '%s'" uuid ; |
There was a problem hiding this comment.
Can use __FUNCTION__ to replace Host.set_ssh_enable_timeout.
There was a problem hiding this comment.
Actually, for these ones in message_forwarding, please leave it as it, as it is meant to show the API call that was made (not the OCaml function). But please add the timeout value.
| ) | ||
| hosts | ||
|
|
||
| let set_console_timeout ~__context ~self:_ ~console_timeout = |
There was a problem hiding this comment.
What happens if one of the hosts fails?
| val set_console_timeout : | ||
| __context:Context.t -> self:API.ref_host -> console_timeout:int64 -> unit | ||
|
|
||
| val schedule_disable_job : |
There was a problem hiding this comment.
schedule_disable_job is only used inside xapi_host, so it doesn't need to be added to mli.
There was a problem hiding this comment.
It should be exposed, because we will use it in another PR.
| Db.Host.set_ssh_enabled ~__context ~self ~value:false ; | ||
| debug "Successfully disabled SSH for host %s" host_uuid | ||
| with e -> | ||
| error "Failed to disable SSH for host %s: %s" host_uuid |
There was a problem hiding this comment.
Should the exception be thrown out?
| | 0L -> | ||
| remove_disable_job ~__context ~self | ||
| | t -> | ||
| schedule_disable_job ~__context ~self ~timeout:(Int64.mul t 60L) |
There was a problem hiding this comment.
If enable and start are successful, but schedule_disable_job is failed, then the ssh service will always be on. This is not expected. How to handle this scenario?
There was a problem hiding this comment.
There is no way to handle this because the schedule_disable_job is an asynchronous job.
| else | ||
| timeout | ||
|
|
||
| let remove_disable_job ~__context ~self = |
There was a problem hiding this comment.
I would suggest renaming it to remove_disable_ssh_job.
| let task_name = Printf.sprintf "disable_ssh_for_host_%s" host_uuid in | ||
| Xapi_stdext_threads_scheduler.Scheduler.remove_from_queue task_name | ||
|
|
||
| let schedule_disable_job ~__context ~self ~timeout = |
There was a problem hiding this comment.
I would suggest renaming it to schedule_disable_ssh_job.
| Db.Host.set_ssh_enabled_timeout ~__context ~self ~value:timeout | ||
| ) | ||
|
|
||
| let set_console_timeout ~__context ~self ~console_timeout = |
There was a problem hiding this comment.
Is this used for both "ssh session timeout" and "VNC session timeout"?
|
|
||
| let configure_timeout = function | ||
| | 0L -> | ||
| let script = |
There was a problem hiding this comment.
Could the script lines with 0L and timeout be combined into one line with a variable?
| @@ -3112,22 +3114,167 @@ let emergency_clear_mandatory_guidance ~__context = | |||
| ) ; | |||
| Db.Host.set_pending_guidances ~__context ~self ~value:[] | |||
|
|
|||
| let validate_timeout timeout = | |||
There was a problem hiding this comment.
As it will not be used in other places and it is with a general name, pls make it an inner func of set_ssh_enable_timeout
| @@ -1571,6 +1571,33 @@ let disable_ssh = | |||
| ~params:[(Ref _pool, "self", "The pool")] | |||
| ~allowed_roles:_R_POOL_ADMIN () | |||
|
|
|||
| let set_ssh_enable_timeout = | |||
| call ~name:"set_ssh_enable_timeout " ~lifecycle:[] | |||
| @@ -204,6 +204,20 @@ let get_pbds_host rpc session_id pbds = | |||
| let get_sr_host rpc session_id record = | |||
| get_pbds_host rpc session_id record.API.sR_PBDs | |||
|
|
|||
| let get_unified_field ~rpc ~session_id ~getter ~transform ~default = | |||
There was a problem hiding this comment.
Would be better to change it to a more specified name, how about: get_common_value_from_all_hosts
| if List.for_all (( = ) first_value) all_values then | ||
| first_value | ||
| else | ||
| default |
There was a problem hiding this comment.
Print a log for the detailed differences in the hosts.
Hi @BengangY @lindig @gangj , Thanks for your comments above. to ensure rest (e.g., pool-join related) work is not blocked while waiting for the PR review, I will
|
LunfanZhang
changed the title
|
Close this for now, as this PR cannot be reviewed yet. PR #6388 needs to be reviewed first, and this PR conflicts with it. |
This PR introduces support for Dom0 SSH control, providing the following capabilities:
Query the SSH status.
Configure a temporary SSH enable timeout for a specific host or all hosts in the pool.
Configure the console idle timeout for a specific host or all hosts in the pool.
Changes
New Host Object Fields:
ssh_enabled: Indicates whether SSH is enabled.ssh_enabled_timeout: Specifies the timeout for temporary SSH enablement.ssh_expiry: Tracks the expiration time for temporary SSH enablement.console_idle_timeout: Configures the idle timeout for the console.New Host/Pool APIs:
set_ssh_enable_timeout: Allows setting a temporary timeout for enabling the SSH service.set_console_timeout: Allows configuring the console idle timeout.