rhtyd commented on pull request #4978: URL: https://github.com/apache/cloudstack/pull/4978#issuecomment-934173009
> You are right, this something to be careful about. > We've configured the service in a way that it always starts on boot and if the process/job is killed for any reason it gets restarted as well. The only way of stopping it is via systemd (e.g. systemctl stop cloudstack-hahelper.service) Could you maybe explore systemd itself, there are ways to use dependencies and `targets` to ensure the agent is always up and unless explicitly stopped by the admin. For example, there's also restart on failure option (https://www.freedesktop.org/software/systemd/man/systemd.service.html#Restart=). > We did not implement such a way of telling that the agent has been "intentionally stopped". This would rely on Admins disabling it on the CloudStack side. > I will need to add some information in the documentation about how to handle the cluster with this agent. See above, most admins may not remember about this feature and I wonder is stopping an agent to do maintenance work could cause side-effects. Maybe look at my above suggestion on exploiting systemd features. Docs +1 > I can look into a way of adding CA certificates and validate the communications. For now, it has no such validation; however, it binds only with the node IP in the management network (which in theory is an isolated/secure network). I think if adding a new service for this feature is unavoidable, we should absolutely (a) have the service use CA-framework issued certificates to serve using secured TLS/SSL certs (i.e. on https), (b) provide a default off option (which you've confirmed exists via a cluster-scope global setting), (c) have firewall-config enabled when the agent either starts (or the service/process starts?) or document on how to use this service (i.e. enable port 8080). (Probably not a good idea to expose whole of libvirtd over network, but one option may involve just exposing libvirtd over tls/ssh to other neighbour hosts https://libvirt.org/remote.html which won't require any additional services). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
