Update VTPM feature branch with latest changes in master #4649

Merged
merged 37 commits into from
Mar 11, 2022


psafont
Member

@psafont psafont commented Mar 11, 2022

Only the API hash changes created a conflict; it was a straightforward merge otherwise.

psafont and others added 30 commits February 24, 2022 11:24
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
This is not done in the quality gate as this makes it difficult to
isolate this change to a single file

Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
There were a lot of warnings silenced because of all the different dune
files setting their own flags.

Now most binaries and libraries use the default declared at the root of
the project. There are exceptions:
- Some code that's autogenerated or ppx'd generates a lot of warnings
  for no benefit
- Some libraries and binaries like Squeezed use -bin-annot

The number of errors / warnings has gone down because they appear sooner
and block the previous errors from appearing, not because they have been
fixed

Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
This commit aims to hide the proxy_username and proxy_password of
repository from log file.

Signed-off-by: Ming Lu <ming.lu@citrix.com>
… file

This commit removes credential related info from the remote repository
conf file as there might be proxy credentials (proxy_username and
proxy_password) and the temporary token file path in it.

Signed-off-by: Ming Lu <ming.lu@citrix.com>
…362704

Hide credentials in repository configuration from log
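
Added example, not code from this pull request or from xapi: one way to mask the `proxy_username` and `proxy_password` values named in the two commits above before a repository configuration or a `yum-config-manager` command line is written to a log. Assumptions: the configuration is INI-style `key = value` text, credentials may also appear as `--setopt=<repo-name>.<option>=<value>` arguments, and the function names and sample values are constructed for illustration.

```python
import re

REDACTED = "<redacted>"
# The two option names the commit messages call out; callers can add more.
SENSITIVE_KEYS = frozenset({"proxy_username", "proxy_password"})
# key = value, where the line is not a comment, a [section] or indented.
_KEY_VALUE = re.compile(r"^([^\s=#;\[][^=]*?)(\s*=\s*)(.*)$")

# Constructed sample repository configuration (hosts and values are made up).
SAMPLE_CONF = """\
[remote-repo]
baseurl = https://repo.example.invalid/updates
proxy = http://proxy.example.invalid:3128
proxy_username = builder
proxy_password = s3cr=et
repo_gpgcheck = 1
"""


def redact_repo_conf(text, extra_keys=()):
    """Return repo-conf text that is safe to log, with sensitive values masked."""
    keys = SENSITIVE_KEYS | {k.lower() for k in extra_keys}
    out, masking = [], False
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and line.strip():
            # An indented line continues the previous value, so it inherits masking.
            indent = line[: len(line) - len(line.lstrip())]
            out.append(indent + REDACTED if masking else line)
            continue
        match = _KEY_VALUE.match(line)
        masking = bool(match) and match.group(1).strip().lower() in keys
        out.append(match.group(1) + match.group(2) + REDACTED if masking else line)
    return "\n".join(out)


def redact_setopt_args(argv, extra_keys=()):
    """Mask values in '--setopt=<repo-name>.<option>=<value>' arguments."""
    keys = SENSITIVE_KEYS | {k.lower() for k in extra_keys}
    safe = []
    for arg in argv:
        name, sep, _ = arg[len("--setopt="):].partition("=")
        option = name.rsplit(".", 1)[-1].lower()
        hit = arg.startswith("--setopt=") and sep and option in keys
        safe.append(f"--setopt={name}={REDACTED}" if hit else arg)
    return safe


if __name__ == "__main__":
    print(redact_repo_conf(SAMPLE_CONF))
```

Matching on the key rather than on the value keeps the mask intact when a password itself contains `=`, and `extra_keys` lets a caller cover other fields such as a token file path.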
Authentication with client certificate requires permission to run
'pool.set_wlb_enabled'. This commit is just for this.

Signed-off-by: Ming Lu <ming.lu@citrix.com>
…38450

Add pool.set_wlb_enabled permission for client auth
Certificate checking for clusterd is implemented by relying on the
certificates xapi uses for intra-pool communication. This implies that
only hosts part of a xapi pool can form a cluster. Each host in the pool
has a certificate (public and private key) and knows the public keys of
all hosts in the pool. These are kept in PEM bundles.

We remove code from a previous design where clusterd used a single
certificate generated by xapi which was passed to clusterd.

A tls_config, sent to clusterd, contains the essential information:

* The common name (CN)
* Path to the server certificate
* Optional path to bundle with trusted certificate or None if clusterd
  should not perform certificate checking.

The tls_config is global per cluster and hence the CN has to be a global
value and can't be specific per host. For now, use a simple string to
avoid confusion.

Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
Certificates for xapi's API clients and internal pool communication are
generated by gencert.service, which invokes gencert for this. The
certificate for the API clients requires the IP of the management
interface (obtained by gencert), which might not be yet available and
causes this to fail. The certificate for the pool communication does not
suffer from this dependency. So generate it first to have it available.
If the second call then fails, systemd will run it again. But
gencert is idempotent such that the already created certificate for pool
communication won't be overwritten.

Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
These two methods are used when performing VM.pool_migrate to
migrate VMs from member hosts to coordinator host.

The clients authenticated with certificates require permission to use
these methods. This commit extends the permission list of client auth
with these two methods.

Signed-off-by: Ming Lu <ming.lu@citrix.com>
The '--setopt' of yum-config-manager requires specifying the repo name.
The bug fixed in this commit is '--setopt=repo_gpgcheck=1' should be
'--setopt=<repo-name>.repo_gpgcheck=1' in parameter of
'yum-config-manager'.

In this commit, additionally the `repo_gpgcheck` is moved to the initial
repo configuration file content which contains static configurations
usually.

Signed-off-by: Ming Lu <ming.lu@citrix.com>
…/tls-v2

certificate checking for clusterd
…364630

Add [post|put]_services_xenops to client auth permission list
maintenance: Emit the same warnings across the toolstack and remove a few dozen of them
For testing we add at a random point in a list of operations a failure.
The existing code removed all operations after the inserted failure.
This commit changes this to keep them for debugging. They won't be
executed, though, because the failure is reached first.

Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
It has been deprecated in favour of Cstruct.length

Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
…/fist

Fist point of cert exchange: keep all operations
The main difference is:

Lwt_main.run treats paused and yielded promises differently: it
resolves paused promises twice as often as yielded promises.

Since the existing yield is used for waiting until a file is ready, it
shouldn't have a significant impact.

Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
Prior to this commit, the GPG key file name is coded as a global
configuration of XAPI. This will make GPG key rotation difficult in
future.

This commit moves the configuration into XAPI repository object so
that it could be changed through XAPI API.

Signed-off-by: Ming Lu <ming.lu@citrix.com>
Signed-off-by: Ming Lu <ming.lu@citrix.com>
Signed-off-by: Ming Lu <ming.lu@citrix.com>
Given the gpgkey name has been stored in repository object, this commit
retrieves the gpgkey name from the repository object rather than a
global XAPI configuration.

The global XAPI configuration now is a default one for backward
compatibility.

Signed-off-by: Ming Lu <ming.lu@citrix.com>
Signed-off-by: Ming Lu <ming.lu@citrix.com>
The group file is not used at present. But it would be better to add
this file for usage in future.

Signed-off-by: Ming Lu <ming.lu@citrix.com>
…39209

Bugfix and improvement for repository GPG key
For debugging lost FDs in varstore-guard, log when we call it to stop
serving a domain.

Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
robhoes and others added 7 commits March 10, 2022 12:00
CA-364138 log when about to stop varstored and varstore-guard
The CApath stunnel config option is currently used, but it turns out
that the necessary pem file symlinks are not always created. This should
be sorted out, but for now the quickest solution is to switch to CAfile
and use the CA bundle.

Signed-off-by: Rob Hoes <rob.hoes@citrix.com>
…lpers

This makes them independent from the big setup tests and allows for
shorter feedback cycles

Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
Re.Str does not seem thread-safe as it caches state. Replace with
String, Astring or Re.Posix functions which are safe.

The remaining usages are in single-threaded cli applications where the
usage is not an issue.

Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
@psafont psafont merged commit 6d675e4 into xapi-project:feature/vtpm Mar 11, 2022
@psafont psafont deleted the private/paus/vtpm-update branch March 11, 2022 16:55