Bring vtpm branch up-to-date with master #4671
Prior to this commit, the assumption is the RPM GPG key will be imported before running 'reposync'. This results in an unnecessary dependency and unnecessary RPM package signature checking, since this will be done by 'yum upgrade' later as well. In this commit, the '--gpgcheck' parameter is removed. Thereafter, 'reposync' will only check repository metadata. It will no longer require the RPM GPG key to be imported. And later in 'yum upgrade', the GPG key will be imported automatically and used for RPM package signature checking. Signed-off-by: Ming Lu <ming.lu@citrix.com>
…39375 Remove RPM gpgcheck in reposync
CA-363207 complains that a pool admin group name with a space cannot log in. That issue is fixed by surrounding the group name with [], which works for both pbis and winbind. However, the fix does not work for a PBIS username with a space. This commit takes pbis and winbind separately:
* for pbis, replace space with +, which is the original pbis solution
* for winbind, surround name with []

Signed-off-by: Lin Liu <lin.liu@citrix.com>
Signed-off-by: Lin Liu <lin.liu@citrix.com>
Signed-off-by: Lin Liu <lin.liu@citrix.com>
…A-365112 CA-365112: Permit pool admin username with space to ssh login
Previously the type of exception was not reported. Now print the exception with warning level and make an effort to report whether the process was signaled to stop. Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
Make exception helpers aware of the signal names in the forkexec exception of subprocess_killed so it can be printed appropriately. Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
In the pre-join checks, require that the xapi version of the joining host is equal to that of the pool coordinator. This is stricter than, and replaces, the check for common platform versions. In particular, this protects against joining a host with a newer xapi version to a pool, which may break (the coordinator must at any time have the highest version). Signed-off-by: Rob Hoes <rob.hoes@citrix.com>
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
This will enable stabilization and documentation of the module Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
…ertificate Otherwise API clients will continue to see the previous certificate. This might be a problem in the case the certificate has expired. Instead do extra effort to reload the stunnel daemon. Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
maintenance: clean up and add interface for certificates module
UpdateInfoMetaData is only one of meta data types in repomd.xml. This commit abstracts the common logic of parsing repomd.xml as RepoMetaData. Signed-off-by: Ming Lu <ming.lu@citrix.com>
Prior to this commit, it is assumed that the updateinfo.xml.gz file name is constructed with a hard-coded specific rule. This commit changes to use the name defined in repomd.xml directly to eliminate the unnecessary assumption. Signed-off-by: Ming Lu <ming.lu@citrix.com>
Prior to this commit, it is assumed that the group file name is constructed with a hard-coded specific rule. This commit changes to use the name defined in repomd.xml directly to eliminate the unnecessary assumption. Signed-off-by: Ming Lu <ming.lu@citrix.com>
CA-365121: pool join: require common xapi versions
…365438 Remove hard-coded paths of repository metadata files
CA-365130: Log the exception causing backups to fail
Signed-off-by: Rob Hoes <rob.hoes@citrix.com>
CA-365516: CLI: protect cmdtable population with mutex
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
We are discouraging configurations that use DMC before removing the feature. Add new error message and change wording of existing error message. Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
A VM is entering a pool via import - from a migration or via a file. This needs to be guarded: VMs not in rest can't be imported but VMs in rest can be safely updated to not use DMC. Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
* on VM start, adjust memory settings when necessary
* before migrating, check that the VM does not require DMC or otherwise fail

Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
A VM that requires DMC can't be resumed or unpaused. Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
We want to update the database when updating xapi. For this to happen, we need to increment the database schema version. I'm making a big jump here to avoid that other changes before this gets merged catch up with my version. Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
…/DMC Disable DMC
Signed-off-by: Rob Hoes <rob.hoes@citrix.com>
Fix and extend bugtool plugins
When a member host is being updated, Toolstack creates a stunnel client proxy for the connections from the local YUM client to the YUM repositories which are located on the coordinator host. The client stunnel process will be terminated once the updating on the member host completes. The client stunnel on a member host, however, will be left there when the XAPI process has been terminated unexpectedly. And then when the XAPI process starts again and tries to create a stunnel client for update, it will fail as there is already one running. This commit aims to fix this issue by attempting to clean up a running client stunnel which is listening on the specific TCP port before creating a new stunnel client proxy. Signed-off-by: Ming Lu <ming.lu@citrix.com>
The timeoffset parameter of a VM, which controls its timezone settings, is present in the VM metadata in two places: in the build spec as well as in the platformdata. This also drives the fact that the timeoffset is written to two places in xenstore:

/vm/<uuid>/rtc/timeoffset
/local/domain/<domid>/platform/timeoffset

It turns out that the PV tools and/or QEMU in some way rely on both of these paths.

When a VM starts, its timeoffset platform key is used to set the value of both bits of metadata that are sent to xenopsd. If the timezone inside of the VM is changed, then an event is sent back to xapi, which updates the platform key in its xapi.

If a VM resumes, it is similar to start, but additionally the VM's runtime metadata is sent to xenopsd as well, so the VM is resumed with exactly the same state as before it suspended.

Since a recent change, the platformdata has been made part of xenopsd's runtime VM metadata, and is therefore persisted across a suspend/resume cycle or live migration. This means that the timeoffset in the platformdata now comes from this xenopsd-level metadata rather than from xapi's metadata.

This all would have been fine, if xenopsd were to update the timeoffset in its persistent platformdata whenever it changes in the VM (besides sending the event to xapi). Unfortunately, this was not the case, which meant that, after a suspend/resume cycle, the VM's timezone reverted back to whatever it was when the VM started, and any changes after that are forgotten. The situation for live migration is similar.

This commit adds the missing metadata update in xenopsd.

Signed-off-by: Rob Hoes <rob.hoes@citrix.com>
Previously the function was only called whenever the connection to the coordinator was lost as it was set up once the initial connection had been established Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
This should make the code easier to understand and the debug messages clearer Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
There is no good reason to limit the return type of the compression function. This makes it work with functions that return a (monadic) error code. Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
CA-365474: Try to synchronize trust roots at startup
Make Xapi_compression.compress more polymorphic
CA-363700: update xenopsd platformdata if rtc-timeoffset changes
…365900 CA-365900: Clean up remanent stunnel client proxy
Switching to DHCP does not simply replace existing IP addresses, but may add one in addition. Signed-off-by: Rob Hoes <rob.hoes@citrix.com>
CA-359978: Flush IP addresses when switching from static to DHCP
Avoid compiler warnings
The existing with_data() is somewhat convoluted and executes is_raw_image() for read and write operations where it does not make sense to do so for write operations. This commit re-organises the code without changing functionality for simplicity. Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
…/with-data Restructure with_data () in xenops_server_xen
quality_gate.sh should be changed to expect 518 mli files before merging
I am approving this based on the fact that this is on a development branch and is administrative.
Signed-off-by: Lin Liu <lin.liu@citrix.com>
…o dom0 Linux PAM takes # as a comment and there is no way to escape it. This commit fixes the issue by permitting users and groups through the pam_listfile PAM module by:
- users, in /etc/security/hcp_ad_users.conf
- groups, in /etc/security/hcp_ad_groups.conf

Signed-off-by: Lin Liu <lin.liu@citrix.com>
…A-355588 users in pool admin group which contains # can not ssh into dom0
Signed-off-by: Edwin Török <edvin.torok@citrix.com>
No description provided.