Sync vtpm with master branch #4747
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When resuming a VM, xenopsd branches based on where the suspend image is stored. So far it tries to open the image and read the header. This either succeeds, in which case it concludes this is a raw image, or fails. It then open the image again to read it. This patch simplifies this logic by using the file type to make that decision. If the header later can't be read this still would lead to a failure - so we are not skipping the header check. Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
…he method's implementations. Signed-off-by: Konstantina Chremmou <konstantina.chremmou@citrix.com>
…folder instead of the user's temp folder if the latter is in a different drive from the target folder. Signed-off-by: Konstantina Chremmou <konstantina.chremmou@citrix.com>
Signed-off-by: Konstantina Chremmou <konstantina.chremmou@citrix.com>
Signed-off-by: Konstantina Chremmou <konstantina.chremmou@citrix.com>
QMP usually returns an error because nvmes are not migratable, but this is expected. Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
…/raw Use file type for is_raw_image()
Signed-off-by: Konstantina Chremmou <konstantina.chremmou@citrix.com>
A HTTP request to XAPI will be authenticated by: 1. session in header, 2. pool secret in header, 3. username and password in header, or 4. client certificate Therefore, if there is no auth header (1, 2, or 3 above) in the HTTP request, it should be confirmed that if the request has been authenticated by client certificate. The 'Xapi_session.login_with_password' is re-used in 'create_session_for_client_cert' for this purpose. Meanwhile, this funciton will perform RBAC checking as well. Prior to this commit, a HTTP request without auth header would be checked by 'create_session_for_client_cert'. But the 'login_with_password' called in it would have a long journey since 'create_session_for_client_cert' feeds empty 'uname' and 'pwd' to 'login_with_password'. This long journey includes local auth and external auth if it is enabled. Especially the external auth would take long duration which may block successive authentications. The fix is to short-circuit the authentication in this case as it is already known that if the HTTP request has been authenticated by client certificate. If it is, only RBAC checking will be required to be done by 'login_with_password'. Otherwise it is not necessary to perform authentication further. Signed-off-by: Ming Lu <ming.lu@citrix.com> * fixup! CA-367738: Short-circuit auth of HTTP requests without auth header Signed-off-by: Ming Lu <ming.lu@citrix.com>
Split `retrieve_livepatches_from_updateinfo` out from `merge_livepatches`. In a successive change, the updateinfo would be required to be separated by livepatch component so that the livepatch guidance could be ignored when a livepatch failed to be applied. Signed-off-by: Ming Lu <ming.lu@citrix.com>
This commit adds functions to apply live patches for two components: Xen hypervisor and Linux kernel. A live patch can make changes on the running component but without host reboot. A live patch file is delivered by a RPM package. After that, Toolstack will determine if an installed (or to be installed) live patch is applicable to the current running component. If a live patch is applicable, it will be applied by Toolstack. A live patch has its own guidance which will overwrite the guidance in the its component's RPM update. The failures of live patches will not block/fail the update. But these failures will be returned from 'host.apply_updates'. Signed-off-by: Ming Lu <ming.lu@citrix.com>
Some SDK fixes
…36245 Support livepatch - part 3 - apply livepatches
Signed-off-by: Rob Hoes <rob.hoes@citrix.com>
Update datamodel lifecycle
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
newer ocamlformat are unable to reach a stable format for code that has long comment inside long boolean expressions, change the code so an ocamlformat version compatible with ocaml 4.14 can be used to format the code. Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
CP-39806: remove code without a stable formatting
xenopsd/xc: do not log error when querying for migrability
This allows us to sidestep most of the code in Threadext and use only Mutex.execute, Delay, thread_iter_all_exns and thread_iter This matters because Stdlib's Thread module is changing in ocaml 4.14 in advance of multicore, dropping the code from stdext will allow it to compile in 4.14 Since the uses of execute have to be changed in any case, I've opted to use the name with_lock as I find it more self-explanatory than just "execute". Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
Signed-off-by: Lin Liu <lin.liu@citrix.com>
Signed-off-by: Ming Lu <ming.lu@citrix.com>
The bug is the build id should be presented as hexadecimal with width 2. Signed-off-by: Ming Lu <ming.lu@citrix.com>
Signed-off-by: Mark Syms <mark.syms@citrix.com>
CA-365604: Support external user ssh into dom0 with name in unicode
The qemu-dm-wrapper script was for qemu-trad only, which has been removed a while ago. We now use the qemu-wrapper script with upstream QEMU. Signed-off-by: Rob Hoes <rob.hoes@citrix.com>
Remove unused xenopsd/Makefile and qemu-dm-wrapper
…368069 CA-368069: Got wrong kernel base build_id
Special care was taken to force exit after showing help and providing error codes consistent with what is shown on the manpages. Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
* Migrating a VM works currently like this: The source xenopsd opens a HTTP connection to the destination xenopsd services/xenops/memory. This connection is used as a socket, i.e. in both direction. The handler on the destination puts the socket connection into VM_receive_memory. The source is using this connection for two purposes: sending the memory stream but also a handshake protocol that syncs up source and destination. There are more details about the GPU migration stream that I'm not touching upon. * This patch introduces an additional route and handler ..../migrate-mem that will be used only for the VM memory stream and leave almost all signaling to the two purposes: sending VM memory and keep signaling to the original first connection. The motivation is to enable compression of the memory stream, which is incompatible with signaling because it would introduce latencies. * All file descriptors (FDs) needed for the migration of a VM end up in the VM_migrate and VM_receive_memory operations. On the destination the new handler receive_mem stores the FD in a hash table from where it is retrieved by the VM_receive_memory implementation and passed on. * The destination must stay compatible with the old protocol because it will receive VMs during a rolling pool upgrade from hosts running older software. We signal the use of the new protocol by using a cookie mem_migration and the reveiver use its presence to branch on the protocol it uses. * Several changes are administrative: factor out in handlers for the error case. Moving parameters of the VM_receive_memory operation into a record. Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
Optionally compress the memory byte stream that is coming out of emu-manager as part of a VM migration and extend API and CLI for that option. The default (when no option is used) is controlled via xapi.conf and the current default is to not use compression. When switched on in xapi.conf and no explicit API/CLI option is provided, localhost migration is not using compression because it does not add a benefit. Compression is implemented by feeding the byte stream through a compression binary that we spawn with Forkexed. Currently we are using zstd to achieve high troughput. Compression is benefical if otherwise the network connection becomes saturated which often will require multiple migrations in parallel. At the API/CLI level compression is enabled by using the option "compress=true", disabled by "compression=false" and using the default (controlled via xapi.conf) otherwise. The sending side signals to the receiving side the use of compression by using a HTTP cookie key-value pair with "compress=true". Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
edwintorok
approved these changes
Jul 5, 2022
…/migrate-v2 CP-40027 VM migration introduce /services/xenops/migrate-mem
Signed-off-by: Rob Hoes <rob.hoes@citrix.com>
|
Do not merge yet, quicktest has to be fixed for the master branch EDIT: done |
Add matching Synchronisation point 1-mem ACK log on receiver
Partially revert eb6eca2. VIF.plug to dom0 was needed, but VBD.plug must be allowed, and does work. Signed-off-by: Rob Hoes <rob.hoes@citrix.com>
Allow VBD.plug to dom0 again
Signed-off-by: Pau Ruiz Safont <pau.safont@citrix.com>
robhoes
approved these changes
Jul 7, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This merges all the changes introduced to master into the vtpm branch, including relevant ones like: