merge the last 2 months of changes accumulated to master into the vtpm branch #4723
Merged
psafont
merged 106 commits into
xapi-project:feature/vtpm
from
psafont:private/paus/vtpm-merged
Jun 8, 2022
This allows using a file path towards a folder instead of a VHD Signed-off-by: BenjiReis <benjamin.reis@vates.fr> Co-authored-by: Ronan Abhamon <ronan.abhamon@vates.fr>
- `Pool.set_uefi_certificates` is implemented and writes the certificates on all its hosts' disks
- `Host.set_uefi_certificates` is now deprecated and transmits the call to the pool method
- `Host.uefi_certificates` is deprecated as well as its getter, the value is not updated.
- On XAPI startup certificates stored in XAPI's `Pool.uefi_certificates` are written on disks
- When a host joins, the pool's certificates are written on its disk.

This means:
- At every XAPI startup the certificates in host disks are synced with XAPI's `Pool.uefi_certificates`
- When `Pool.set_uefi_certificates` is called all hosts are synced on their disks with XAPI's `Pool.uefi_certificates`.

Also: `Host.set_uefi_certificates` calls should be replaced by `Pool.set_uefi_certificates`, this requires changes in external libs (varstored, uefistored, etc) to set the pool's certificates: call `Pool.set_uefi_certificates`.

See: xapi-project#4647

Signed-off-by: BenjiReis <benjamin.reis@vates.fr>
This restricts the /repository endpoint to local-root only. This endpoint is exposed only on the coordinator, and used by other pool members to access the pool's yum repo mirror. Yum calls to this endpoint now require a pool secret to be used in a cookie, which is implemented through a yum plugin. Signed-off-by: Rob Hoes <rob.hoes@citrix.com>
CP-35846: Restrict access to internal yum repo server (members only)
Close both FDs. Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
Signed-off-by: Edwin Török <edvin.torok@citrix.com>
emu-manager needs '-dm qemu' flag for migration to work correctly with upstream QEMU. Otherwise emu-manager doesn't send xen-set-global-dirty-log and some guest drivers may crash upon resume (e.g. the mouse). Treat Qemu_upstream_uefi as upstream too and pass the flag. Commit 0e8624a introduced '-dm qemu' but the UEFI version of the qemu profile didn't exist yet at the time. Later commit 971d788 introduced the UEFI qemu profile, and the build still worked due to the wildcard, so the missing flag went unnoticed until now. Replace the wildcard with an explicit list of when '-dm qemu' shouldn't be added, so the next time we introduce a new qemu profile we get a build failure and must decide which behaviour would be correct. Signed-off-by: Edwin Török <edvin.torok@citrix.com>
It is unused and incomplete (it lacks UEFI). Drop it to avoid confusion. Signed-off-by: Edwin Török <edvin.torok@citrix.com>
After starting a new server (for a varstored), report the number of open file descriptors in the log. Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
There were a lot of warnings here, mostly missing named parameters, quite a few of these were able to be automated using sed to add tildes, others couldn't because of how irregular the names of the parameters are, sometimes using self, sometimes the type of object; or they were too particular. There were also unused bindings which allowed for removal of parameters. Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
…/CA-364138 CA-364138 XSI-1217: fix FD leak, Unix.EMFILE
These were mostly about removing unused code and removing usages of xenstore and xenctrl handles which allows avoiding opening them in quite a few places. I would not have expected the code around PCI devices to be unused, I wonder if it should actually be used. Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
…-reformats maintenance: ignore reformatting commits in git blame
CP-39551: avoid warnings in xapi-cli-server and xenopsd/xc
…een-hosts Sync varstore certificates in XAPI with those on disks
Add `9pfs` backend to vbds
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
CP-39551: avoid warnings in xenopsd/xc and libs
Issues:
- DNS is not set when configuring an IPv6
- When a DNS is set all dns entries are overridden, this is problematic when using both IPv4 and IPv6 in the same PIF.

Fixes:
- set DNS when an IPv6 is configured
- only overrides DNS entries of the same family when an IP/IPv6 is configured
- 'determine_gateway_and_dns_ifs' also looks for 'ipv6_configuration_mode' to find possible gateway and dns pifs

Signed-off-by: BenjiReis <benjamin.reis@vates.fr>
fixes regarding DNS management
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
The compression library Xapi_compression spawns processes to compress and uncompress streams. To facilitate easier testing, add a small stand-alone filter that compresses or uncompresses its standard input. This filter requires the presence of forkexecd to work - so typically a Citrix Hypervisor installation. We don't install this binary but it is available for developers. Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
In commit d951478, a new function was added to restrict the repository access to pool members only. With this function, the pool members need to use pool_secret in access requests to the mirrored repositories on the pool coordinator for authentication. But in updating, this would cause the pool members to be unable to access the mirrored repositories, as at that time the pool coordinator has been updated to check the pool_secret while the pool members have not been updated to use pool_secret. Per suggestion from Rob Hoes, this commit adds a temporary feature flag to make the pool coordinator be able to distinguish the case in the mixed mode in updating. Signed-off-by: Ming Lu <ming.lu@citrix.com>
xs-opam's CI is the only environment where /tmp is not writable and XDG_RUNTIME_DIR is not set. Using TMPDIR with /tmp as a backup will mean the socket is writeable in all environments. Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
Upgrade VM runtime state when xenopsd restarts
…/CP-38688 CP-38688 make Message.destroy_many() async, too
Instead of throwing an exception when a DNS doesn't have the correct IP family: just ignore it.

It means when reconfiguring:
- an ipv4: only the ipv4 entries on the input dns will be kept and only the ipv6 dns already set to the pif will be kept
- an ipv6: only the ipv6 entries on the input dns will be kept and only the ipv4 dns already set to the pif will be kept

This is useful in the case both families are configured on a pif.

Right now the installer and xsconsole can fail when reconfiguring an IP or an IPv6 and both family DNS are present, which can often happen in case of dual stack.

Signed-off-by: BenjiReis <benjamin.reis@vates.fr>
XSI-1246/CA-367232: Daily license re-apply fails if HA is enabled
…nfiguring-pif Filter input dns when reconfiguring a pif IP(v6)
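The per-family DNS filtering described in the commit above, sketched as an added example (not code from xapi, which is written in OCaml). The function name `reconfigure_dns`, the ordering of the merged list and the sample addresses are assumptions made for illustration.

```python
import ipaddress


def reconfigure_dns(family, input_dns, existing_dns):
    """Return the DNS list for a PIF after configuring one IP family.

    family:       4 or 6, the family being (re)configured.
    input_dns:    servers supplied with the reconfigure call (may mix families).
    existing_dns: servers already set on the PIF.
    """
    if family not in (4, 6):
        raise ValueError("family must be 4 or 6")

    def version(addr):
        # Raises ValueError on malformed input: only a wrong-family entry
        # is silently ignored, a string that is not an IP address is not.
        return ipaddress.ip_address(addr).version

    # Input entries of the other family are dropped instead of rejected.
    from_input = [a for a in input_dns if version(a) == family]
    # Entries of the other family already on the PIF survive the change.
    from_pif = [a for a in existing_dns if version(a) != family]

    merged, seen = [], set()
    for addr in from_input + from_pif:  # ordering is an assumption
        key = ipaddress.ip_address(addr)  # dedupe on the parsed address
        if key not in seen:
            seen.add(key)
            merged.append(addr)
    return merged


# Constructed sample data (documentation address ranges), dual-stack PIF.
EXISTING = ["198.51.100.1", "2001:db8::1"]
INPUT = ["192.0.2.53", "2001:db8::53"]

if __name__ == "__main__":
    print(reconfigure_dns(4, INPUT, EXISTING))
    print(reconfigure_dns(6, INPUT, EXISTING))
```

With a mixed-family input list, neither call fails: each keeps the input entries of the configured family and the PIF's existing entries of the other family.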
In particular, the evacuation plan is computed in a different way when HA is enabled. We want the update readiness to check things as if HA is disabled, because before updates are applied, HA will be disabled anyway. Signed-off-by: Rob Hoes <rob.hoes@citrix.com>
CA-366309: ignore HA when checking update readiness
This fixes xapi-project#4716 Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
XenAPI.py: define how to build package in pyproject.toml
maintenance: make xapi-xenops tests more granular
Add a new field that reflects the last time Host.apply_software_updates was run (or the time of the first installation). Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
The check against an empty string needs to be kept as some of the variables use an empty string as an alternative to None, meaning not to create the file at all. Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
use forkexecd instead Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
…/CP-38583 CP-38583 add Host.last_software_update field with data/time
Signed-off-by: Ming Lu <ming.lu@citrix.com>
Signed-off-by: Ming Lu <ming.lu@citrix.com>
Signed-off-by: Ming Lu <ming.lu@citrix.com>
Prior to supporting live patch, the guidance of an update is determined by "recommendedGuidance". With support for live patch, a new metadata "livepatchGuidance" is introduced. In an update, if a live patch in it is determined as applicable, its "livepatchGuidance" will overwrite its "recommendedGuidance". Signed-off-by: Ming Lu <ming.lu@citrix.com>
…39487 Support livepatch - part 2 - unit tests
The existing interface to compression tools assumes that all tools receive the exact same command-line arguments. As such, it inhibits using specific features of each tool for different use cases. This patch introduces two things:

* Each compression tool may use specific options, unavailable by another implementation.
* Each compression tool may provide profiles for different use cases, like high compression or fast compression. So far only a default profile is implemented but adding more is trivial.

At the same time, clients are shielded from the underlying command-line options being used.

Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
…/CP-39884 CP-39884 generalise interface to gzip/zstd-like tools
We want to use Xapi_host.get_servertime instead of Date.localtime because it impacts the representation used for XMLRPC. This is obviously a design deficiency as the representation of dates in XMLRPC should be decided during serialisation and not at creation. Signed-off-by: Christian Lindig <christian.lindig@citrix.com> fixup! CP-38583 add Host.last_software_update field with data/time Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
Change the date format for the build as it is recorded in the Host.software_version.date field to match the XMLRPC date format for consistency and expectations by Citrix Hypervisor Center. The format used by XMLRPC http://xmlrpc.com/spec.md is claimed to be ISO8601: 19980717T14:08:55 This is somewhat doubtful because it mixes no punctuation for the date with punctuation for the time. https://stackoverflow.com/a/36775198 Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
…/CP-38583 Fix date representations for CH Center
edwintorok
approved these changes
May 25, 2022
lindig
approved these changes
Jun 6, 2022
There were 3 conflicts: one on the schema hash, and two easy to resolve, one in api_server.ml due to the warning cleanup and another one in device.ml where the sandbox and uuid changes coincided.
Some errors regarding the new uuid interface were fixed in the tpm code.