Of course, If you create a new Quartz job is fully configurable. look at my answers in the beginning of this thread
Ofri ----- Original Message ----- > From: "Wei D Chen" <[email protected]> > To: "Ofri Masad" <[email protected]> > Cc: "Omer Frenkel" <[email protected]>, "Doron Fediuck" > <[email protected]>, "Oved Ourfalli" <[email protected]>, > [email protected] > Sent: Wednesday, April 17, 2013 10:44:05 AM > Subject: RE: [Engine-devel] minutes for sync up on Open Attestation > integration with oVirt in 4/9 > > Thanks Ofri, whether Quartz job is configurable? If we can config interval > time, it will do us a favor. > > Best Regards, > Dave Chen > > > -----Original Message----- > From: Ofri Masad [mailto:[email protected]] > Sent: Wednesday, April 17, 2013 3:23 PM > To: Chen, Wei D > Cc: Omer Frenkel; Doron Fediuck; Oved Ourfalli; [email protected] > Subject: Re: [Engine-devel] minutes for sync up on Open Attestation > integration with oVirt in 4/9 > > Hi Dave, > The VdsUpdateRunTimeInfo runs every 3 seconds or so. so it not a good place > to call the attestation host. > Instead, like we suggested earlier, create a new Quartz job (like the one > I've sent you in the QuotaManager class) which run every couple of minutes > and update the hosts state. > You can also add the check to InitVdsOnUpCommand, so that if a host was down > for a different reason, it will be rechecked for attestation. > You can add a UI to allow manual "refresh attestation". > > Ofri > > ----- Original Message ----- > > From: "Wei D Chen" <[email protected]> > > To: "Omer Frenkel" <[email protected]>, "Doron Fediuck" > > <[email protected]> > > Cc: "Oved Ourfalli" <[email protected]>, [email protected] > > Sent: Monday, April 15, 2013 5:53:34 PM > > Subject: Re: [Engine-devel] minutes for sync up on Open Attestation > > integration with oVirt in 4/9 > > > > Good approach, thanks all. How long it needs to invoke periodic check > > in the class of VdsUpdateRunTimeInfo? Whether this time configurable? > > My concern is if the initial status of each host added into trusted > > cluster is non-operational, we need wait a long time for the invoking > > of this periodic check, so a trusted host's with initial status of > > non-operational will take a long time to flip to a trusted host. > > > > As I have not seen the configuration of periodic check in > > VdsUpdateRunTimeInfo, would you give me some tips if you has some clue. > > Thanks a lot. > > > > Best Regards, > > Dave Chen > > > > -----Original Message----- > > From: [email protected] > > [mailto:[email protected]] > > On Behalf Of Omer Frenkel > > Sent: Monday, April 15, 2013 7:01 PM > > To: Doron Fediuck > > Cc: Oved Ourfalli; [email protected] > > Subject: Re: [Engine-devel] minutes for sync up on Open Attestation > > integration with oVirt in 4/9 > > > > > > > > ----- Original Message ----- > > > From: "Doron Fediuck" <[email protected]> > > > To: "Itamar Heim" <[email protected]> > > > Cc: "Oved Ourfalli" <[email protected]>, [email protected] > > > Sent: Monday, April 15, 2013 10:05:57 AM > > > Subject: Re: [Engine-devel] minutes for sync up on Open Attestation > > > integration with oVirt in 4/9 > > > > > > > > > > > > ----- Original Message ----- > > > > From: "Itamar Heim" <[email protected]> > > > > To: "Oved Ourfalli" <[email protected]> > > > > Cc: [email protected] > > > > Sent: Monday, April 15, 2013 9:49:12 AM > > > > Subject: Re: [Engine-devel] minutes for sync up on Open > > > > Attestation integration with oVirt in 4/9 > > > > > > > > On 04/15/2013 09:20 AM, Oved Ourfalli wrote: > > > > > > > > > > > > > > > ----- Original Message ----- > > > > >> From: "Wei D Chen" <[email protected]> > > > > >> To: "Doron Fediuck" <[email protected]>, "Ofri Masad" > > > > >> <[email protected]> > > > > >> Cc: [email protected] > > > > >> Sent: Monday, April 15, 2013 8:54:18 AM > > > > >> Subject: Re: [Engine-devel] minutes for sync up on Open > > > > >> Attestation integration with oVirt in 4/9 > > > > >> > > > > >> Hi Doron and Ofri, > > > > >> > > > > >> Thanks for your reply, here is some other question. > > > > >> > > > > >> ii. When adding a host into the trusted cluster, the host will > > > > >> be attested via OAT service, only trusted hosted can be added. > > > > >> > > > > >> Would you also kindly tell me if there is any mandatory logic > > > > >> check when adding a host into a cluster, so we can also put > > > > >> attestation logic with these mandatory check together? Some > > > > >> example or code location is better. > > > > >> Thanks a lot. > > > > >> > > > > > > > > > > I think there are two approaches, depending on the use case. > > > > > #1: > > > > > If the host trusted property is static, then you can narrow the > > > > > tests to two locations: > > > > > * AddVdsCommand - (Vds = Host) - This command is triggered when > > > > > a new host is added to the system. You can use the canDoAction > > > > > method (which we have on all commands, and it determines whether > > > > > an action can be run or not), and there, if cluster requires > > > > > trusted hosts only, you can test whether this host is trusted or > > > > > not. > > > > > * ChangeVdsClusterCommand - this command is used when you change > > > > > the cluster of a host. So, if the target cluster requires > > > > > tursted hosts, you can do a similar test in its canDoAction method. > > > > > > > > > > #2: > > > > > If the host trusted property can change, then I'd suggest using > > > > > the NonOperational property of a host. > > > > > We have a class called VdsUpdateRunTimeInfo that does periodic > > > > > tests of hosts, deciding what's their status, according to > > > > > specific flags. > > > > > The code there is quite complex, and would require refactoring > > > > > at some point, but in the meantime you can use the > > > > > MonitoringStrategy interface that is being used there, and > > > > > implement a new monitoring strategy for Open Attestation. > > > > > > > > > > There, in the processHardwareCapabilities, you can test that the > > > > > host is trusted. > > > > > > > > > > When creating the strategy, using the MonitoringStrategyFactory, > > > > > you'll need to create the appropriate strategy. > > > > > Currently we support either virt strategy or gluster strategy or > > > > > both. In your case you would need virt+attestation / > > > > > gluster+attestation / > > > > > virt+gluster+attestation, according to the services deployed on > > > > > virt+gluster+the > > > > > cluster. > > > > > > > > I'd go with the 2nd approach. i.e., not block the host from being > > > > added, only from being used, based on monitoring / non-op status > > > > > > > +1. > > > It means that the admin can add the host, but the host will not be > > > operational until we get a positive indication from the attestation > > > service. > > > > > +1 > > if we want to test attestation only once, every time before host moves to > > up. > > the right place for it, imo, is InitVdsOnUpCommand if its periodic > > also after host is up, then it should be somewhere in the monitoring > > code > > > > > > > > > > > > > > > > > > > > > Does that make sense? > > > > > Doron and Ofri, what did you have in mind for this feature? > > > > > > > > > > Regards, > > > > > Oved > > > > > > > > > >> > > > > >> Best Regards, > > > > >> Dave Chen > > > > >> > > > > >> > > > > >> -----Original Message----- > > > > >> From: Doron Fediuck [mailto:[email protected]] > > > > >> Sent: Wednesday, April 10, 2013 8:03 PM > > > > >> To: Ofri Masad > > > > >> Cc: Wei, Gang; Chen, Wei D; Cao, Buddy; Zhang, Lijuan > > > > >> Subject: Re: minutes for sync up on Open Attestation > > > > >> integration with oVirt in 4/9 > > > > >> > > > > >> > > > > >> > > > > >> ----- Original Message ----- > > > > >>> From: "Ofri Masad" <[email protected]> > > > > >>> To: "Gang Wei" <[email protected]> > > > > >>> Cc: "Wei D Chen" <[email protected]>, "Buddy Cao" > > > > >>> <[email protected]>, "Lijuan Zhang" > > > > >>> <[email protected]>, "Doron Fediuck" > > > > >>> <[email protected]> > > > > >>> Sent: Wednesday, April 10, 2013 2:23:57 PM > > > > >>> Subject: Re: minutes for sync up on Open Attestation > > > > >>> integration with oVirt in 4/9 > > > > >>> > > > > >>> Hi, > > > > >>> > > > > >>> answers inside the mail body. > > > > >>> > > > > >>> ----- Original Message ----- > > > > >>>> From: "Doron Fediuck" <[email protected]> > > > > >>>> To: "Wei D Chen" <[email protected]> > > > > >>>> Cc: "Gang Wei" <[email protected]>, "Buddy Cao" > > > > >>>> <[email protected]>, "Lijuan Zhang" > > > > >>>> <[email protected]>, "Ofri Masad" <[email protected]> > > > > >>>> Sent: Wednesday, April 10, 2013 12:12:26 PM > > > > >>>> Subject: Re: minutes for sync up on Open Attestation > > > > >>>> integration with oVirt in 4/9 > > > > >>>> > > > > >>>> Hi Dave, > > > > >>>> Adding Ofri to answer your questions. > > > > >>>> > > > > >>>> ----- Original Message ----- > > > > >>>>> From: "Wei D Chen" <[email protected]> > > > > >>>>> To: "Gang Wei" <[email protected]>, "Doron Fediuck" > > > > >>>>> <[email protected]>, > > > > >>>>> "Buddy Cao" <[email protected]>, "Lijuan Zhang" > > > > >>>>> <[email protected]> > > > > >>>>> Sent: Wednesday, April 10, 2013 6:31:05 AM > > > > >>>>> Subject: RE: minutes for sync up on Open Attestation > > > > >>>>> integration with oVirt in 4/9 > > > > >>>>> > > > > >>>>> Hi Doron, > > > > >>>>> > > > > >>>>> > > > > >>>>> iii. Then periodic trust check will be added into background > > > > >>>>> process > > > > >>>>> for > > > > >>>>> all existing hosts, once becoming non-trusted, mark it as > > > > >>>>> non-operational. > > > > >>>>> > > > > >>>>> - [Dave] Would you give me some details about the > > > > >>>>> “background > > > > >>>>> process” mentioned in our sync up meeting? What’s the > > > > >>>>> process and where is related code? > > > > >>>>> > > > > >>> > > > > >>> The use Quartz Job to scheduled background processes. > > > > >>> An example can be found in: > > > > >>> ovirt-engine/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/Backend.java(Line: > > > > >>> 222) > > > > >>> > > > > >>> This code calls a method that is located in: > > > > >>> ovirt-engine/backend/manager/modules/bll/src/main/java/org/ovi > > > > >>> rt /engin e/core/bll/quota/QuotaManager.java > > > > >>> (Line: 1000) > > > > >>> the @OnTimerMethodAnnotation annotation and the unique job > > > > >>> name connects the two in runtime. > > > > >>> > > > > >>> The job can query the attestation server for all the host and > > > > >>> then set untrusted hosts to Non-Operational. > > > > >>> the best way would be to call SetNonOperationalVdsCommand with > > > > >>> a new NonOperationalReason. > > > > >>> This command tries to migrate all VMs from the host and then > > > > >>> set it non operational. > > > > >>> (We need to think about non-migrational VMs - should we close > > > > >>> those VMs or keep the host running) > > > > >>> > > > > >> > > > > >> One more thing you may want to consider; If we get a positive > > > > >> response for a host which is currently non-operational, issue > > > > >> an activate command to try and make it operational again. > > > > >> Alternatively, you may decide not to handle it, assuming > > > > >> untrusted hosts can only be activated manually (see below > > > > >> Ofri's response on activating a host). > > > > >> > > > > >>>>> > > > > >>>>> iv. If admin fixed the non-operational node and try to switch > > > > >>>>> it > > > > >>>>> to > > > > >>>>> operational mode again, a trust check will happen to gate > > > > >>>>> the switching. > > > > >>>>> > > > > >>>>> - [Dave] If there is a button provided from UI for > > > > >>>>> checking > > > > >>>>> the > > > > >>>>> logic? or we need add an extra-button for attestation check only? > > > > >>>>> > > > > >>> > > > > >>> In the UI we already have the "Activate" option. What still > > > > >>> needs to be added is the check with the attestation provider > > > > >>> to make sure that if the cluster is defined 'Trusted'. If so, > > > > >>> only trusted host will succeed in the activate command (and, > > > > >>> of course, a proper Audit Log error in case the host failed to > > > > >>> activate due to trust issue. > > > > >>> > > > > >>> the correct place to add this check would be in: > > > > >>> ovirt-engine/backend/manager/modules/vdsbroker/src/main/java/o > > > > >>> rg > > > > >>> /ovirt > > > > >>> /engine/core/vdsbroker/VdsManager.java:activate() > > > > >>> this is where the re-activation process begins. > > > > >>> > > > > >>>>> > > > > >>>>> Thanks very much. > > > > >>>>> > > > > >>>>> > > > > >>>>> > > > > >>>>> Best Regards, > > > > >>>>> Dave Chen > > > > >> _______________________________________________ > > > > >> Engine-devel mailing list > > > > >> [email protected] > > > > >> http://lists.ovirt.org/mailman/listinfo/engine-devel > > > > >> > > > > > _______________________________________________ > > > > > Engine-devel mailing list > > > > > [email protected] > > > > > http://lists.ovirt.org/mailman/listinfo/engine-devel > > > > > > > > > > > > > _______________________________________________ > > > > Engine-devel mailing list > > > > [email protected] > > > > http://lists.ovirt.org/mailman/listinfo/engine-devel > > > > > > > _______________________________________________ > > > Engine-devel mailing list > > > [email protected] > > > http://lists.ovirt.org/mailman/listinfo/engine-devel > > > > > _______________________________________________ > > Engine-devel mailing list > > [email protected] > > http://lists.ovirt.org/mailman/listinfo/engine-devel > > _______________________________________________ > > Engine-devel mailing list > > [email protected] > > http://lists.ovirt.org/mailman/listinfo/engine-devel > > > _______________________________________________ Engine-devel mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-devel
