Private/edvint/tar #2
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Rob Hoes <rob.hoes@citrix.com>
Signed-off-by: Rob Hoes <rob.hoes@citrix.com>
Signed-off-by: Fei Su <fei.su@cloud.com>
Signed-off-by: Fei Su <fei.su@cloud.com>
For the check of function `assert_url_is_valid`, repository-domain-name-allowlist doesn't work if you use the full FQDN for a server. The `assert_url_is_valid` only allows if the host ends with .<entry in repository-domain-name-allowlist>. Now it is extended to allow if the host matches the entry in the list too. Signed-off-by: Feiya Zhang <feiya.zhang@cloud.com>
Signed-off-by: Fei Su <fei.su@cloud.com>
Add tracing for xe calls in the CLI server
Signed-off-by: Christian Lindig <christian.lindig@cloud.com>
…5486 CA-365486: repository-domain-name-allowlist could accept a full hostname
* Use with_file * in anticipation of future changes, match on parameters rather than using if-then-else * reduce nesting Signed-off-by: Christian Lindig <christian.lindig@cloud.com>
Signed-off-by: Fei Su <fei.su@cloud.com>
Signed-off-by: Stephen Cheng <stephen.cheng@cloud.com>
CP-46168: Some py2->py3 update for xapi startup
This reverts commit 2ab003e. Signed-off-by: Christian Lindig <christian.lindig@cloud.com>
Logging or redo_log is disable in xapi.conf. By logging under the module name, enable it for this module. Signed-off-by: Christian Lindig <christian.lindig@cloud.com>
The lock is circular: startup: lock -> broken -> shutdown : lock Signed-off-by: Christian Lindig <christian.lindig@cloud.com>
The hashes in the database always use SHA256 Signed-off-by: Pau Ruiz Safont <pau.ruizsafont@cloud.com>
…tephenche/CP-45981 CP-45981: Update xenopsd from python2 to python3
CA-384148 enable logging for redo_log_alert
CA-385315: document the certificates' fingerprints hash algorithm
Signed-off-by: Fei Su <fei.su@cloud.com>
Signed-off-by: Fei Su <fei.su@cloud.com>
Signed-off-by: Stephen Cheng <stephen.cheng@cloud.com>
…tephenche/CP-45977 CP-45977: Update scripts/extensions from python2 to python3
Signed-off-by: Danilo Del Busso <danilo.delbusso@cloud.com>
Signed-off-by: Danilo Del Busso <danilo.delbusso@cloud.com>
Signed-off-by: Danilo Del Busso <danilo.delbusso@cloud.com>
Signed-off-by: Danilo Del Busso <danilo.delbusso@cloud.com>
Signed-off-by: Danilo Del Busso <danilo.delbusso@cloud.com>
Signed-off-by: Yann Dirson <yann.dirson@vates.fr>
Some fixup for external auth plugins
Currently there is no way to force flush the spans in memory, this patch adds an interface to allow such flush. This is useful when, for example, clusterd is about to exit. Signed-off-by: Vincent Liu <shuntian.liu2@cloud.com>
…pan-export Add interface for flush spans and exit the export thread
Signed-off-by: Stephen Cheng <stephen.cheng@cloud.com>
…tephenche/qemu CP-45981: Update xenopsd from python2 to python3
Set proper parent relationship between spans in `storage_smapiv1.ml` and `storage_smapiv1_wrapper.ml`. Spans created from `storage_smapiv1_wrapper.ml` onwards were created under the same parent. This solves the issue by remaking `dbg` with the updated `traceparent`. Signed-off-by: Gabriel Buica <danutgabriel.buica@cloud.com>
Signed-off-by: Edwin Török <edwin.torok@cloud.com>
Fixes: 2a6aaae ("CP-45974: Porting examples to python3,as per Edwin Torok an Rob Hoes XVA.py is not required anymore,deleting it from repo.") Signed-off-by: Edwin Török <edwin.torok@cloud.com>
Fix 'make install' and add a CI rule
…/CP-46379 CP-46379: Set correct traceparent for `storage_smapiv1*.ml` functions
…ustom-templates update print-custom-templates to python3
Signed-off-by: BenjiReis <benjamin.reis@vates.fr>
- `Pool.set/get_custom_uefi_certificates` - `Pool/Host.set_uefi_certificates` deprecated - `Pool.get_uefi_certificates` return the certificates used by the pool Signed-off-by: BenjiReis <benjamin.reis@vates.fr>
Signed-off-by: BenjiReis <benjamin.reis@vates.fr>
Signed-off-by: BenjiReis <benjamin.reis@vates.fr>
Signed-off-by: BenjiReis <benjamin.reis@vates.fr>
They'are also needed to fallback when custom are empty Signed-off-by: Benjamin Reis <benjamin.reis@vates.tech>
Wait for the state of DEMU to be runnung before unpausing a guest. * split out the code for waiting into wait_for_vgpu_state * adjust timeouts Signed-off-by: Christian Lindig <christian.lindig@cloud.com>
Catch demu failing earlier to provide a better error message. Signed-off-by: Christian Lindig <christian.lindig@cloud.com>
Emit port-oriented rules for IPv4 and IPv6 only when needed. The complication is that a single PVS server can have multiple addresses each of which can be IPv4 or IPv6. So we need both kind of rules if addresses as mixed but can emit only one kind if addresses are of one kind. Signed-off-by: Christian Lindig <christian.lindig@cloud.com>
Signed-off-by: Lunfan Zhang <Lunfan.Zhang@cloud.com>
Add internal_error() to log and raise an internal error. Use it to simplify qemu_media_change(). Signed-off-by: Christian Lindig <christian.lindig@cloud.com>
Use internal_error() to log and raise error exception. This removes about 40 lines of code. Signed-off-by: Christian Lindig <christian.lindig@cloud.com>
Passing an NBD to qemu using qmp: open the socket and pass it to qmp. Compared to the existing case that the CD is opened as a raw device the handling of the socket is slightly different: it does not require a Qmp.Remove_fd. Signed-off-by: Christian Lindig <christian.lindig@cloud.com>
…github/CP-44533 CP-44533 Add running vCPU and running domain of host into rrdd
POSIX/PAX headers in TAR may be larger than 1 TAR block (otherwise we see the Pax global headers as a "file" in backwards compatible mode). Calling Tar_unix.get_next_header would already read the appropriate amount from a FD to find the first true file header. However an imported file can be either compressed or not, and we need to retry with decompression if parsing as a Tar failed. But we might be importing from a socket or pipe, so we cannot just seek back to the beginning, and we cannot use Tar_unix.get_next_header either because we don't have access to its internal buffer. Implement a custom Tar header reader using the functor, that first feeds the block that we already read to the reader, and then the file itself directly (at which point we turn off the retry because we no longer buffer all that we read). Signed-off-by: Edwin Török <edwin.torok@cloud.com>
liulinC
pushed a commit
that referenced
this pull request
May 23, 2024
Backport of 3b52b72 This enables PAM to be used in multithreaded mode (currently XAPI has a global lock around auth). Using an off-cpu flamegraph I identified that concurrent PAM calls are slow due to a call to `sleep(1)`. `pam_authenticate` calls `crypt_r` which calls `NSSLOW_Init` which on first use will try to initialize the just `dlopen`-ed library. If it encounters a race condition it does a `sleep(1)`. This race condition can be quite reliably reproduced when performing a lot of PAM authentications from multiple threads in parallel. GDB can also be used to confirm this by putting a breakpoint on `sleep`: ``` #0 __sleep (seconds=seconds@entry=1) at ../sysdeps/unix/sysv/linux/sleep.c:42 #1 0x00007ffff1548e22 in freebl_RunLoaderOnce () at lowhash_vector.c:122 #2 0x00007ffff1548f31 in freebl_InitVector () at lowhash_vector.c:131 #3 NSSLOW_Init () at lowhash_vector.c:148 xapi-project#4 0x00007ffff1b8f09a in __sha512_crypt_r (key=key@entry=0x7fffd8005a60 "pamtest-edvint", salt=0x7ffff31e17b8 "dIJbsXKc0", xapi-project#5 0x00007ffff1b8d070 in __crypt_r (key=key@entry=0x7fffd8005a60 "pamtest-edvint", salt=<optimized out>, xapi-project#6 0x00007ffff1dc9abc in verify_pwd_hash (p=p@entry=0x7fffd8005a60 "pamtest-edvint", hash=<optimized out>, nullok=nullok@entry=0) at passverify.c:111 xapi-project#7 0x00007ffff1dc9139 in _unix_verify_password (pamh=pamh@entry=0x7fffd8002910, name=0x7fffd8002ab0 "pamtest-edvint", p=0x7fffd8005a60 "pamtest-edvint", ctrl=ctrl@entry=8389156) at support.c:777 xapi-project#8 0x00007ffff1dc6556 in pam_sm_authenticate (pamh=0x7fffd8002910, flags=<optimized out>, argc=<optimized out>, argv=<optimized out>) at pam_unix_auth.c:178 xapi-project#9 0x00007ffff7bcef1a in _pam_dispatch_aux (use_cached_chain=<optimized out>, resumed=<optimized out>, h=<optimized out>, flags=1, pamh=0x7fffd8002910) at pam_dispatch.c:110 xapi-project#10 _pam_dispatch (pamh=pamh@entry=0x7fffd8002910, flags=1, choice=choice@entry=1) at pam_dispatch.c:426 xapi-project#11 0x00007ffff7bce7e0 in pam_authenticate (pamh=0x7fffd8002910, flags=flags@entry=1) at pam_auth.c:34 xapi-project#12 0x00000000005ae567 in XA_mh_authorize (username=username@entry=0x7fffd80028d0 "pamtest-edvint", password=password@entry=0x7fffd80028f0 "pamtest-edvint", error=error@entry=0x7ffff31e1be8) at xa_auth.c:83 xapi-project#13 0x00000000005adf20 in stub_XA_mh_authorize (username=<optimized out>, password=<optimized out>) at xa_auth_stubs.c:42 ``` `pam_start` and `pam_end` doesn't help here, because on `pam_end` the library is `dlclose`-ed, so on next `pam_authenticate` it will have to go through the initialization code again. (This initialization code would've belonged into `pam_start`, not `pam_authenticate`, but there are several layers here including a call to `crypt_r`). Upstream has fixed this problem >5 years ago by switching to libxcrypt instead. Signed-off-by: Edwin Török <edwin.torok@cloud.com> Signed-off-by: Christian Lindig <christian.lindig@cloud.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
15 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.