----- Original Message ----- > From: "Itamar Heim" <[email protected]> > To: "Oved Ourfalli" <[email protected]> > Cc: [email protected] > Sent: Monday, April 15, 2013 9:49:12 AM > Subject: Re: [Engine-devel] minutes for sync up on Open Attestation > integration with oVirt in 4/9 > > On 04/15/2013 09:20 AM, Oved Ourfalli wrote: > > > > > > ----- Original Message ----- > >> From: "Wei D Chen" <[email protected]> > >> To: "Doron Fediuck" <[email protected]>, "Ofri Masad" > >> <[email protected]> > >> Cc: [email protected] > >> Sent: Monday, April 15, 2013 8:54:18 AM > >> Subject: Re: [Engine-devel] minutes for sync up on Open Attestation > >> integration with oVirt in 4/9 > >> > >> Hi Doron and Ofri, > >> > >> Thanks for your reply, here is some other question. > >> > >> ii. When adding a host into the trusted cluster, the host will be > >> attested > >> via OAT service, only trusted hosted can be added. > >> > >> Would you also kindly tell me if there is any mandatory logic check when > >> adding a host into a cluster, so we can also put attestation logic with > >> these mandatory check together? Some example or code location is better. > >> Thanks a lot. > >> > > > > I think there are two approaches, depending on the use case. > > #1: > > If the host trusted property is static, then you can narrow the tests to > > two locations: > > * AddVdsCommand - (Vds = Host) - This command is triggered when a new host > > is added to the system. You can use the canDoAction method (which we have > > on all commands, and it determines whether an action can be run or not), > > and there, if cluster requires trusted hosts only, you can test whether > > this host is trusted or not. > > * ChangeVdsClusterCommand - this command is used when you change the > > cluster of a host. So, if the target cluster requires tursted hosts, you > > can do a similar test in its canDoAction method. > > > > #2: > > If the host trusted property can change, then I'd suggest using the > > NonOperational property of a host. > > We have a class called VdsUpdateRunTimeInfo that does periodic tests of > > hosts, deciding what's their status, according to specific flags. > > The code there is quite complex, and would require refactoring at some > > point, but in the meantime you can use the MonitoringStrategy interface > > that is being used there, and implement a new monitoring strategy for Open > > Attestation. > > > > There, in the processHardwareCapabilities, you can test that the host is > > trusted. > > > > When creating the strategy, using the MonitoringStrategyFactory, you'll > > need to create the appropriate strategy. > > Currently we support either virt strategy or gluster strategy or both. In > > your case you would need virt+attestation / gluster+attestation / > > virt+gluster+attestation, according to the services deployed on the > > cluster. > > I'd go with the 2nd approach. i.e., not block the host from being added, > only from being used, based on monitoring / non-op status > +1. It means that the admin can add the host, but the host will not be operational until we get a positive indication from the attestation service.
> > > > > > > Does that make sense? > > Doron and Ofri, what did you have in mind for this feature? > > > > Regards, > > Oved > > > >> > >> Best Regards, > >> Dave Chen > >> > >> > >> -----Original Message----- > >> From: Doron Fediuck [mailto:[email protected]] > >> Sent: Wednesday, April 10, 2013 8:03 PM > >> To: Ofri Masad > >> Cc: Wei, Gang; Chen, Wei D; Cao, Buddy; Zhang, Lijuan > >> Subject: Re: minutes for sync up on Open Attestation integration with > >> oVirt > >> in 4/9 > >> > >> > >> > >> ----- Original Message ----- > >>> From: "Ofri Masad" <[email protected]> > >>> To: "Gang Wei" <[email protected]> > >>> Cc: "Wei D Chen" <[email protected]>, "Buddy Cao" > >>> <[email protected]>, "Lijuan Zhang" <[email protected]>, "Doron > >>> Fediuck" <[email protected]> > >>> Sent: Wednesday, April 10, 2013 2:23:57 PM > >>> Subject: Re: minutes for sync up on Open Attestation integration with > >>> oVirt in 4/9 > >>> > >>> Hi, > >>> > >>> answers inside the mail body. > >>> > >>> ----- Original Message ----- > >>>> From: "Doron Fediuck" <[email protected]> > >>>> To: "Wei D Chen" <[email protected]> > >>>> Cc: "Gang Wei" <[email protected]>, "Buddy Cao" > >>>> <[email protected]>, "Lijuan Zhang" <[email protected]>, > >>>> "Ofri Masad" <[email protected]> > >>>> Sent: Wednesday, April 10, 2013 12:12:26 PM > >>>> Subject: Re: minutes for sync up on Open Attestation integration > >>>> with oVirt in 4/9 > >>>> > >>>> Hi Dave, > >>>> Adding Ofri to answer your questions. > >>>> > >>>> ----- Original Message ----- > >>>>> From: "Wei D Chen" <[email protected]> > >>>>> To: "Gang Wei" <[email protected]>, "Doron Fediuck" > >>>>> <[email protected]>, > >>>>> "Buddy Cao" <[email protected]>, "Lijuan Zhang" > >>>>> <[email protected]> > >>>>> Sent: Wednesday, April 10, 2013 6:31:05 AM > >>>>> Subject: RE: minutes for sync up on Open Attestation integration > >>>>> with oVirt in 4/9 > >>>>> > >>>>> Hi Doron, > >>>>> > >>>>> > >>>>> iii. Then periodic trust check will be added into background process > >>>>> for > >>>>> all existing hosts, once becoming non-trusted, mark it as > >>>>> non-operational. > >>>>> > >>>>> - [Dave] Would you give me some details about the “background > >>>>> process” mentioned in our sync up meeting? What’s the process and > >>>>> where is related code? > >>>>> > >>> > >>> The use Quartz Job to scheduled background processes. > >>> An example can be found in: > >>> ovirt-engine/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/Backend.java(Line: > >>> 222) > >>> > >>> This code calls a method that is located in: > >>> ovirt-engine/backend/manager/modules/bll/src/main/java/org/ovirt/engin > >>> e/core/bll/quota/QuotaManager.java > >>> (Line: 1000) > >>> the @OnTimerMethodAnnotation annotation and the unique job name > >>> connects the two in runtime. > >>> > >>> The job can query the attestation server for all the host and then set > >>> untrusted hosts to Non-Operational. > >>> the best way would be to call SetNonOperationalVdsCommand with a new > >>> NonOperationalReason. > >>> This command tries to migrate all VMs from the host and then set it > >>> non operational. > >>> (We need to think about non-migrational VMs - should we close those > >>> VMs or keep the host running) > >>> > >> > >> One more thing you may want to consider; If we get a positive response for > >> a > >> host which is currently non-operational, issue an activate command to try > >> and make it operational again. > >> Alternatively, you may decide not to handle it, assuming untrusted hosts > >> can > >> only be activated manually (see below Ofri's response on activating a > >> host). > >> > >>>>> > >>>>> iv. If admin fixed the non-operational node and try to switch it to > >>>>> operational mode again, a trust check will happen to gate the > >>>>> switching. > >>>>> > >>>>> - [Dave] If there is a button provided from UI for checking > >>>>> the > >>>>> logic? or we need add an extra-button for attestation check only? > >>>>> > >>> > >>> In the UI we already have the "Activate" option. What still needs to > >>> be added is the check with the attestation provider to make sure that > >>> if the cluster is defined 'Trusted'. If so, only trusted host will > >>> succeed in the activate command (and, of course, a proper Audit Log > >>> error in case the host failed to activate due to trust issue. > >>> > >>> the correct place to add this check would be in: > >>> ovirt-engine/backend/manager/modules/vdsbroker/src/main/java/org/ovirt > >>> /engine/core/vdsbroker/VdsManager.java:activate() > >>> this is where the re-activation process begins. > >>> > >>>>> > >>>>> Thanks very much. > >>>>> > >>>>> > >>>>> > >>>>> Best Regards, > >>>>> Dave Chen > >> _______________________________________________ > >> Engine-devel mailing list > >> [email protected] > >> http://lists.ovirt.org/mailman/listinfo/engine-devel > >> > > _______________________________________________ > > Engine-devel mailing list > > [email protected] > > http://lists.ovirt.org/mailman/listinfo/engine-devel > > > > _______________________________________________ > Engine-devel mailing list > [email protected] > http://lists.ovirt.org/mailman/listinfo/engine-devel > _______________________________________________ Engine-devel mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-devel
