Hi Dave, Can't a host become untrusted without being rebooted? If that is really the case, there is no need for a periodic check - the trigger for the check would be the host rebooting (which is visible to the engine).
Thanks, Ofri ----- Original Message ----- > From: "Wei D Chen" <[email protected]> > To: "Itamar Heim" <[email protected]>, "Ofri Masad" <[email protected]> > Cc: "Oved Ourfalli" <[email protected]>, [email protected] > Sent: Thursday, April 18, 2013 9:19:03 AM > Subject: RE: [Engine-devel] minutes for sync up on Open Attestation > integration with oVirt in 4/9 > > I think it's more sensible, the initial status should be the real status for > this host (trusted / untrusted) only the untrusted host will be set to > non-operational. > we just need poll this host instead of all of the hosts in the cluster if > this can be done in "InitVdsOnUpCommand", and we suppose this is the first > time when this host add into the cluster. > Follow these steps (conclusion based on your suggestion). > > - The first time when one host is added into a trust cluster then poll > this > host, the host will be in "up" status if get "trusted" result from > attestation server, or else, set this host as non-operational status. > - The periodic check will poll all of the hosts only once as this will cut > down a lot of time needed instead of poll each host one by one, this > conclusion is based on our experiments because most of time consumed is in > parallel. > - When host is down for a different reason and up again, we suppose > "InitVdsOnUpCommand" will be triggered again (right?), so we will poll this > host again to get the real status(trusted / untrusted). Then mark the host > as up or non-operational. > > As a trusted host flip to untrusted and take effective only under the > condition of this host has been hacked and rebooted, so we proposal no need > to add periodic check if any host's reboot will invoke "InitVdsOnUpCommand" > and we add attestation logic in "InitVdsOnUpCommand" is enough. > > My proposal would be like this (no periodic check is needed, will simply our > integration) > > - The first time when one host is added into a trust cluster then poll > this > host, the host will be in "up" status if get "trusted" result from > attestation server, or else, set this host as non-operational status. > - The periodic check will poll all of the hosts only once as this will cut > down a lot of time needed instead of poll each host one by one, this > conclusion is based on our experiments because most of time consumed is in > parallel. > - (up -> nonoperationl / trusted -> untrusted)When host is down for a > different reason and up again, we suppose "InitVdsOnUpCommand" will be > triggered again (right?) and we also suppose the host will be > non-operational if host is down for some reason (right), so we will poll > this host again to get the real status(trusted / untrusted) after host's > rebooting. > - (nonoperationl -> up / untrusted -> trusted) Admin will activate this > host > manually after admin fix the issue of this host. Attestation logic will be > added into "VdsManager:activate ()" as the clue you give me before. > > Any suggestion? > > Best Regards, > Dave Chen > > > -----Original Message----- > From: Itamar Heim [mailto:[email protected]] > Sent: Wednesday, April 17, 2013 8:31 PM > To: Ofri Masad > Cc: Chen, Wei D; Oved Ourfalli; [email protected] > Subject: Re: [Engine-devel] minutes for sync up on Open Attestation > integration with oVirt in 4/9 > > On 04/17/2013 10:23 AM, Ofri Masad wrote: > > Hi Dave, > > The VdsUpdateRunTimeInfo runs every 3 seconds or so. so it not a good place > > to call the attestation host. > > Instead, like we suggested earlier, create a new Quartz job (like the one > > I've sent you in the QuotaManager class) which run every couple of minutes > > and update the hosts state. > > You can also add the check to InitVdsOnUpCommand, so that if a host was > > down for a different reason, it will be rechecked for attestation. > > You can add a UI to allow manual "refresh attestation". > > > > so the new thread will poll all for all hosts and update the db, then during > the normal monitoring "detect" the issue? > > > Ofri > > > > ----- Original Message ----- > >> From: "Wei D Chen" <[email protected]> > >> To: "Omer Frenkel" <[email protected]>, "Doron Fediuck" > >> <[email protected]> > >> Cc: "Oved Ourfalli" <[email protected]>, [email protected] > >> Sent: Monday, April 15, 2013 5:53:34 PM > >> Subject: Re: [Engine-devel] minutes for sync up on Open Attestation > >> integration with oVirt in 4/9 > >> > >> Good approach, thanks all. How long it needs to invoke periodic check > >> in the class of VdsUpdateRunTimeInfo? Whether this time configurable? > >> My concern is if the initial status of each host added into trusted > >> cluster is non-operational, we need wait a long time for the invoking > >> of this periodic check, so a trusted host's with initial status of > >> non-operational will take a long time to flip to a trusted host. > >> > >> As I have not seen the configuration of periodic check in > >> VdsUpdateRunTimeInfo, would you give me some tips if you has some clue. > >> Thanks a lot. > >> > >> Best Regards, > >> Dave Chen > >> > >> -----Original Message----- > >> From: [email protected] > >> [mailto:[email protected]] > >> On Behalf Of Omer Frenkel > >> Sent: Monday, April 15, 2013 7:01 PM > >> To: Doron Fediuck > >> Cc: Oved Ourfalli; [email protected] > >> Subject: Re: [Engine-devel] minutes for sync up on Open Attestation > >> integration with oVirt in 4/9 > >> > >> > >> > >> ----- Original Message ----- > >>> From: "Doron Fediuck" <[email protected]> > >>> To: "Itamar Heim" <[email protected]> > >>> Cc: "Oved Ourfalli" <[email protected]>, [email protected] > >>> Sent: Monday, April 15, 2013 10:05:57 AM > >>> Subject: Re: [Engine-devel] minutes for sync up on Open Attestation > >>> integration with oVirt in 4/9 > >>> > >>> > >>> > >>> ----- Original Message ----- > >>>> From: "Itamar Heim" <[email protected]> > >>>> To: "Oved Ourfalli" <[email protected]> > >>>> Cc: [email protected] > >>>> Sent: Monday, April 15, 2013 9:49:12 AM > >>>> Subject: Re: [Engine-devel] minutes for sync up on Open Attestation > >>>> integration with oVirt in 4/9 > >>>> > >>>> On 04/15/2013 09:20 AM, Oved Ourfalli wrote: > >>>>> > >>>>> > >>>>> ----- Original Message ----- > >>>>>> From: "Wei D Chen" <[email protected]> > >>>>>> To: "Doron Fediuck" <[email protected]>, "Ofri Masad" > >>>>>> <[email protected]> > >>>>>> Cc: [email protected] > >>>>>> Sent: Monday, April 15, 2013 8:54:18 AM > >>>>>> Subject: Re: [Engine-devel] minutes for sync up on Open > >>>>>> Attestation integration with oVirt in 4/9 > >>>>>> > >>>>>> Hi Doron and Ofri, > >>>>>> > >>>>>> Thanks for your reply, here is some other question. > >>>>>> > >>>>>> ii. When adding a host into the trusted cluster, the host will > >>>>>> be attested via OAT service, only trusted hosted can be added. > >>>>>> > >>>>>> Would you also kindly tell me if there is any mandatory logic > >>>>>> check when adding a host into a cluster, so we can also put > >>>>>> attestation logic with these mandatory check together? Some > >>>>>> example or code location is better. > >>>>>> Thanks a lot. > >>>>>> > >>>>> > >>>>> I think there are two approaches, depending on the use case. > >>>>> #1: > >>>>> If the host trusted property is static, then you can narrow the > >>>>> tests to two locations: > >>>>> * AddVdsCommand - (Vds = Host) - This command is triggered when a > >>>>> new host is added to the system. You can use the canDoAction > >>>>> method (which we have on all commands, and it determines whether > >>>>> an action can be run or not), and there, if cluster requires > >>>>> trusted hosts only, you can test whether this host is trusted or > >>>>> not. > >>>>> * ChangeVdsClusterCommand - this command is used when you change > >>>>> the cluster of a host. So, if the target cluster requires tursted > >>>>> hosts, you can do a similar test in its canDoAction method. > >>>>> > >>>>> #2: > >>>>> If the host trusted property can change, then I'd suggest using > >>>>> the NonOperational property of a host. > >>>>> We have a class called VdsUpdateRunTimeInfo that does periodic > >>>>> tests of hosts, deciding what's their status, according to > >>>>> specific flags. > >>>>> The code there is quite complex, and would require refactoring at > >>>>> some point, but in the meantime you can use the MonitoringStrategy > >>>>> interface that is being used there, and implement a new monitoring > >>>>> strategy for Open Attestation. > >>>>> > >>>>> There, in the processHardwareCapabilities, you can test that the > >>>>> host is trusted. > >>>>> > >>>>> When creating the strategy, using the MonitoringStrategyFactory, > >>>>> you'll need to create the appropriate strategy. > >>>>> Currently we support either virt strategy or gluster strategy or > >>>>> both. In your case you would need virt+attestation / > >>>>> gluster+attestation / > >>>>> virt+gluster+attestation, according to the services deployed on > >>>>> virt+gluster+the > >>>>> cluster. > >>>> > >>>> I'd go with the 2nd approach. i.e., not block the host from being > >>>> added, only from being used, based on monitoring / non-op status > >>>> > >>> +1. > >>> It means that the admin can add the host, but the host will not be > >>> operational until we get a positive indication from the attestation > >>> service. > >>> > >> +1 > >> if we want to test attestation only once, every time before host moves to > >> up. > >> the right place for it, imo, is InitVdsOnUpCommand if its periodic > >> also after host is up, then it should be somewhere in the monitoring > >> code > >> > >>>> > >>>>> > >>>>> > >>>>> Does that make sense? > >>>>> Doron and Ofri, what did you have in mind for this feature? > >>>>> > >>>>> Regards, > >>>>> Oved > >>>>> > >>>>>> > >>>>>> Best Regards, > >>>>>> Dave Chen > >>>>>> > >>>>>> > >>>>>> -----Original Message----- > >>>>>> From: Doron Fediuck [mailto:[email protected]] > >>>>>> Sent: Wednesday, April 10, 2013 8:03 PM > >>>>>> To: Ofri Masad > >>>>>> Cc: Wei, Gang; Chen, Wei D; Cao, Buddy; Zhang, Lijuan > >>>>>> Subject: Re: minutes for sync up on Open Attestation integration > >>>>>> with oVirt in 4/9 > >>>>>> > >>>>>> > >>>>>> > >>>>>> ----- Original Message ----- > >>>>>>> From: "Ofri Masad" <[email protected]> > >>>>>>> To: "Gang Wei" <[email protected]> > >>>>>>> Cc: "Wei D Chen" <[email protected]>, "Buddy Cao" > >>>>>>> <[email protected]>, "Lijuan Zhang" <[email protected]>, > >>>>>>> "Doron Fediuck" <[email protected]> > >>>>>>> Sent: Wednesday, April 10, 2013 2:23:57 PM > >>>>>>> Subject: Re: minutes for sync up on Open Attestation integration > >>>>>>> with oVirt in 4/9 > >>>>>>> > >>>>>>> Hi, > >>>>>>> > >>>>>>> answers inside the mail body. > >>>>>>> > >>>>>>> ----- Original Message ----- > >>>>>>>> From: "Doron Fediuck" <[email protected]> > >>>>>>>> To: "Wei D Chen" <[email protected]> > >>>>>>>> Cc: "Gang Wei" <[email protected]>, "Buddy Cao" > >>>>>>>> <[email protected]>, "Lijuan Zhang" <[email protected]>, > >>>>>>>> "Ofri Masad" <[email protected]> > >>>>>>>> Sent: Wednesday, April 10, 2013 12:12:26 PM > >>>>>>>> Subject: Re: minutes for sync up on Open Attestation > >>>>>>>> integration with oVirt in 4/9 > >>>>>>>> > >>>>>>>> Hi Dave, > >>>>>>>> Adding Ofri to answer your questions. > >>>>>>>> > >>>>>>>> ----- Original Message ----- > >>>>>>>>> From: "Wei D Chen" <[email protected]> > >>>>>>>>> To: "Gang Wei" <[email protected]>, "Doron Fediuck" > >>>>>>>>> <[email protected]>, > >>>>>>>>> "Buddy Cao" <[email protected]>, "Lijuan Zhang" > >>>>>>>>> <[email protected]> > >>>>>>>>> Sent: Wednesday, April 10, 2013 6:31:05 AM > >>>>>>>>> Subject: RE: minutes for sync up on Open Attestation > >>>>>>>>> integration with oVirt in 4/9 > >>>>>>>>> > >>>>>>>>> Hi Doron, > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> iii. Then periodic trust check will be added into background > >>>>>>>>> process > >>>>>>>>> for > >>>>>>>>> all existing hosts, once becoming non-trusted, mark it as > >>>>>>>>> non-operational. > >>>>>>>>> > >>>>>>>>> - [Dave] Would you give me some details about the > >>>>>>>>> “background > >>>>>>>>> process” mentioned in our sync up meeting? What’s the process > >>>>>>>>> and where is related code? > >>>>>>>>> > >>>>>>> > >>>>>>> The use Quartz Job to scheduled background processes. > >>>>>>> An example can be found in: > >>>>>>> ovirt-engine/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/Backend.java(Line: > >>>>>>> 222) > >>>>>>> > >>>>>>> This code calls a method that is located in: > >>>>>>> ovirt-engine/backend/manager/modules/bll/src/main/java/org/ovirt > >>>>>>> /engin e/core/bll/quota/QuotaManager.java > >>>>>>> (Line: 1000) > >>>>>>> the @OnTimerMethodAnnotation annotation and the unique job name > >>>>>>> connects the two in runtime. > >>>>>>> > >>>>>>> The job can query the attestation server for all the host and > >>>>>>> then set untrusted hosts to Non-Operational. > >>>>>>> the best way would be to call SetNonOperationalVdsCommand with a > >>>>>>> new NonOperationalReason. > >>>>>>> This command tries to migrate all VMs from the host and then set > >>>>>>> it non operational. > >>>>>>> (We need to think about non-migrational VMs - should we close > >>>>>>> those VMs or keep the host running) > >>>>>>> > >>>>>> > >>>>>> One more thing you may want to consider; If we get a positive > >>>>>> response for a host which is currently non-operational, issue an > >>>>>> activate command to try and make it operational again. > >>>>>> Alternatively, you may decide not to handle it, assuming > >>>>>> untrusted hosts can only be activated manually (see below Ofri's > >>>>>> response on activating a host). > >>>>>> > >>>>>>>>> > >>>>>>>>> iv. If admin fixed the non-operational node and try to switch > >>>>>>>>> it > >>>>>>>>> to > >>>>>>>>> operational mode again, a trust check will happen to gate the > >>>>>>>>> switching. > >>>>>>>>> > >>>>>>>>> - [Dave] If there is a button provided from UI for > >>>>>>>>> checking > >>>>>>>>> the > >>>>>>>>> logic? or we need add an extra-button for attestation check only? > >>>>>>>>> > >>>>>>> > >>>>>>> In the UI we already have the "Activate" option. What still > >>>>>>> needs to be added is the check with the attestation provider to > >>>>>>> make sure that if the cluster is defined 'Trusted'. If so, only > >>>>>>> trusted host will succeed in the activate command (and, of > >>>>>>> course, a proper Audit Log error in case the host failed to > >>>>>>> activate due to trust issue. > >>>>>>> > >>>>>>> the correct place to add this check would be in: > >>>>>>> ovirt-engine/backend/manager/modules/vdsbroker/src/main/java/org > >>>>>>> /ovirt > >>>>>>> /engine/core/vdsbroker/VdsManager.java:activate() > >>>>>>> this is where the re-activation process begins. > >>>>>>> > >>>>>>>>> > >>>>>>>>> Thanks very much. > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> Best Regards, > >>>>>>>>> Dave Chen > >>>>>> _______________________________________________ > >>>>>> Engine-devel mailing list > >>>>>> [email protected] > >>>>>> http://lists.ovirt.org/mailman/listinfo/engine-devel > >>>>>> > >>>>> _______________________________________________ > >>>>> Engine-devel mailing list > >>>>> [email protected] > >>>>> http://lists.ovirt.org/mailman/listinfo/engine-devel > >>>>> > >>>> > >>>> _______________________________________________ > >>>> Engine-devel mailing list > >>>> [email protected] > >>>> http://lists.ovirt.org/mailman/listinfo/engine-devel > >>>> > >>> _______________________________________________ > >>> Engine-devel mailing list > >>> [email protected] > >>> http://lists.ovirt.org/mailman/listinfo/engine-devel > >>> > >> _______________________________________________ > >> Engine-devel mailing list > >> [email protected] > >> http://lists.ovirt.org/mailman/listinfo/engine-devel > >> _______________________________________________ > >> Engine-devel mailing list > >> [email protected] > >> http://lists.ovirt.org/mailman/listinfo/engine-devel > >> > > _______________________________________________ > > Engine-devel mailing list > > [email protected] > > http://lists.ovirt.org/mailman/listinfo/engine-devel > > > > _______________________________________________ Engine-devel mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-devel
