xenserver/CI-44 #1072

Merged
merged 9 commits into from Apr 12, 2013

Conversation

Projects
None yet
3 participants
@zli
Member

zli commented Mar 13, 2013

This is a partial solution to the CI-44 issue. It does so by grouping sessions based on their auth_user_name and originator and assigning session quota to each group independently. It is based on some previous patches from Thomas Sanders.

@zli

This comment has been minimized.

Show comment Hide comment
@zli

zli Mar 13, 2013

Member

The change on parameters of Session.login_with_password is an incompatible change, hence will break client code that makes use of the OCaml XAPI client (e.g. rrdd plugin, v6d). Dynamically typed language binding should be fine, as the new parameter is set to be optional.

Member

zli commented Mar 13, 2013

The change on parameters of Session.login_with_password is an incompatible change, hence will break client code that makes use of the OCaml XAPI client (e.g. rrdd plugin, v6d). Dynamically typed language binding should be fine, as the new parameter is set to be optional.

zli added some commits Feb 25, 2013

CI-44: Add an extra field "originator" to session object.
This is a key string used for distinguishing different API users sharing the same login name.

Signed-off-by: Zheng Li <zheng.li@eu.citrix.com>
CI-44: Add the originator param to XAPI session creation
Signed-off-by: Zheng Li <zheng.li@eu.citrix.com>
CI-44: update internal uses of login_with_password with the originato…
…r param

Signed-off-by: Zheng Li <zheng.li@eu.citrix.com>
CI-44: update external components and tests with the new originator p…
…aram

Signed-off-by: Zheng Li <zheng.li@eu.citrix.com>
CI-44: Add max_sessions_per_originator config
Signed-off-by: Zheng Li <zheng.li@eu.citrix.com>
CI-44: update session create/destory rbac audit functions
Based on some previous patches from Thomas Sanders.

Signed-off-by: Zheng Li <zheng.li@eu.citrix.com>
CI-44: it seems making better sense to expire tasks before sessions
Signed-off-by: Zheng Li <zheng.li@eu.citrix.com>
CI-44: add max_sessions_per_user_name config variable
Signed-off-by: Zheng Li <zheng.li@eu.citrix.com>
CI-44: expire sessions based on username/originator specific quota
Based on some previous patches by Thomas Sanders.

The current algorithm is implemented as follows:

  * For sessions with their own auth_user_name (other than "root"/""), they will use their independent session quota (Xapi_globs.max_sessions_per_user_name) grouped by their auth_user_name. This can happen in following cases:
    - The session creator uses an external authentication method where the username is not the default
    - The session creator is logged in as local super user (hence no username/password authentication required) but still chooses to pass an independent username argument in purpose (e.g. vmpr, sm)

  * Sessions without independent auth_user_name (e.g. without RBAC, most external API users will have to share the same super user login) can still distiguish themselves using the new "originator" param during session creation. For sessions created with the optional "originator" argument, they will use their independent session quota (Xapi_globs.max_sessions_per_originator) grouped by their originator key.

  * All the rest sessions are in the common session pool, as before, sharing the default session quota (Xapi_globs.max_sessions). Among them, internal sessions will have higher prioirty than the external ones.

Signed-off-by: Zheng Li <zheng.li@eu.citrix.com>

@ghost ghost assigned robhoes Mar 27, 2013

@jonludlam

This comment has been minimized.

Show comment Hide comment
@jonludlam

jonludlam Mar 27, 2013

Member

Assigning to @robhoes for review

Member

jonludlam commented Mar 27, 2013

Assigning to @robhoes for review

@jonludlam

This comment has been minimized.

Show comment Hide comment
@jonludlam

jonludlam Apr 2, 2013

Member

test this please

Member

jonludlam commented Apr 2, 2013

test this please

@robhoes

This comment has been minimized.

Show comment Hide comment
@robhoes

robhoes Apr 12, 2013

Member

test this please

Member

robhoes commented Apr 12, 2013

test this please

@robhoes

This comment has been minimized.

Show comment Hide comment
@robhoes

robhoes Apr 12, 2013

Member

Looks good! It's going in...

Member

robhoes commented Apr 12, 2013

Looks good! It's going in...

robhoes added a commit that referenced this pull request Apr 12, 2013

@robhoes robhoes merged commit dfb54af into xapi-project:master Apr 12, 2013

1 check passed

default Merged build finished.
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment