On 01/31/2013 03:55 PM, Federico Simoncelli wrote:
----- Original Message -----
From: "Shu Ming" <shum...@linux.vnet.ibm.com>
To: "VDSM Project Development" <vdsm-devel@lists.fedorahosted.org>
Sent: Tuesday, October 30, 2012 7:22:18 AM
Subject: [vdsm] A question about the SPM operation permission in VDSM


In the VDSM code about some SPM operations like HSM.deleteImage(), It
is found that VDSM doesn't check if the operation will be launched
on a SPM host or not. It only checks if the storage pool is already
acquired by one SPM host, but not necessary the same host as the SPM
operation is delivered to. The code is like this:

self.validateSPM(spUUID) <--- Only check if the storage pool was
acquired by one host, but not necessary this host

So it really depends on the node management application AKA
ovirt-engine to dispatch the SPM operations to the right VDSM host.

Hi Shu,
  validateSPM is:

     def validateSPM(self, spUUID):
         pool = self.getPool(spUUID)
         if pool.spmRole != sp.SPM_ACQUIRED:
             raise se.SpmStatusError(spUUID)

despite its ambiguous name "SPM_ACQUIRED" refers only to the spmRole
of the current host. That said, vdsm actually checks before running
deleteImage if the host is actually the SPM or not. Eventually you can
verify it running deleteImage on an HSM host, it should fail with:

# vdsClient 0 deleteImage ...
Not SPM: ('<spUUID>',)

VDSM doesn't block API functions at all, it allows you to perform any api functions in any host whether if its SPM or not. What seems wrong, due to that SPM operations are allowed only if VDSM internal state is set to SPM, so why we publish code that we don't use.. seems like it was changed during the time (the dispatcher should hide from the API functions that only the SPM can perform). Now we have the validation as part of sp.py (pool operations), that uses securable.py for that. little bit complicated... but this is how it currently works..

Yaniv Bronhaim.
RedHat, Israel
vdsm-devel mailing list

Reply via email to