Re: Review Request 13496: changes for guest vm password script for parallel vm deployment

Mon, 12 Aug 2013 18:13:35 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/13496/#review25048
-----------------------------------------------------------


#1. if you add fork to the TCP_LISTEN option of SOCAT, then it will fork a 
process for each connection, allowing more parallelism
#2. There is a bug in serve_password.sh (see below)
#3. You can also add 'su=nobody' to the TCP4_LISTEN option to increase the 
security of the procedure (after all we are blindly accepting strings from 
potentially untrusted vm)

diff --git a/patches/systemvm/debian/config/opt/cloud/bin/passwd_server_ip 
b/patches/systemvm/debian/config/opt/cloud/bin/passwd_server_ip
index 8d62dff..4622860 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/passwd_server_ip
+++ b/patches/systemvm/debian/config/opt/cloud/bin/passwd_server_ip
@@ -20,7 +20,7 @@
 addr=$1;
 while [ "$ENABLED" == "1" ]
 do
-       socat -lf /var/log/cloud.log TCP4-LISTEN:8080,reuseaddr,crnl,bind=$addr 
SYSTEM:"/opt/cloud/bin/serve_password.sh \"\$SOCAT_PEERADDR\""
+       socat -lf /var/log/cloud.log 
TCP4-LISTEN:8080,reuseaddr,su=nobody,fork,crnl,bind=$addr 
SYSTEM:"/opt/cloud/bin/serve_password.sh \"\$SOCAT_PEERADDR\""
 
        rc=$?
        if [ $rc -ne 0 ]
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/serve_password.sh 
b/patches/systemvm/debian/config/opt/cloud/bin/serve_password.sh
index b829b54..a3a2732 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/serve_password.sh
+++ b/patches/systemvm/debian/config/opt/cloud/bin/serve_password.sh
@@ -62,7 +62,7 @@ do
                break
        fi
 
-       request=$(echo $input | grep "DomU_Request:" | cut -d: -f2 | sed 's/^[ 
\t]*//')
+       request=$(echo "$input" | grep "DomU_Request:" | cut -d: -f2 | sed 
's/^[ \t]*//')
 
        if [ "$request" != "" ]
        then

- Chiradeep Vittal


On Aug. 12, 2013, 1:24 p.m., Jayapal Reddy wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/13496/
> -----------------------------------------------------------
> 
> (Updated Aug. 12, 2013, 1:24 p.m.)
> 
> 
> Review request for cloudstack, anthony xu, Abhinandan Prateek, Chiradeep 
> Vittal, and Sheng Yang.
> 
> 
> Bugs: CLOUDSTACK-4184
> 
> 
> Repository: cloudstack-git
> 
> 
> Description
> -------
> 
> For parallel vm deployment guest vm password script is fixed by retrying 
> after random sleep on failure.
> 
> Please review the changes and provide your comments so that I can commit this.
> 
> For windows guest VM script, changes for parallel vm deployment is not added.
> 
> 
> Diffs
> -----
> 
>   setup/bindir/cloud-set-guest-password.in 3215894 
> 
> Diff: https://reviews.apache.org/r/13496/diff/
> 
> 
> Testing
> -------
> 
> Tested by deploying 30 vms. All vms set its password successfully.
> 
> 
> Thanks,
> 
> Jayapal Reddy
> 
>

Reply via email to