Comments (6)
This looks like the design we discussed last week. It's adding a new field, which is not used when the per-host setting is false, and it even simplifies the case. This looks good to me, and I'd be glad to review PRs implementing this, @mg12 might want to add comments before implementation starts
from xen-api.
If you add a new field then is the xapi.conf entry still needed, can it be completely removed to reduce the combinatorial matrix of codepaths to test?
By default that new field would be empty, and as long as the user doesn't override it, they'll be fine.
If they make an API call (or 'xe' cli call) then we'll apply the semantics of that field (maybe for a short while we need to do something on upgrades to still recognize the old xapi.conf field).
i.e. treat 'allow_custom_uefi_certs' as always true even in XenServer, it is just that in xenserver we'd leave the field to be empty.
That seems to match the semantics you wanted? i.e. these 2 options are the same
If allow_custom_uefi_certs is false:
Ensure /var/lib/varstored is a symlink to /usr/share/varstored (unchanged from previous behaviour)
If allow_custom_uefi_certs is true AND Pool.custom_uefi_certificates is empty or is not a valid value:
Ensure /var/lib/varstored is a symlink to /usr/share/varstored (no custom certs: keep/restore the symlink)
from xen-api.
@edwintorok Yes. The reason why this setting exist is because XenServer didn't want to allow installing custom certificates and XCP-ng needed to. I'm fine with either keeping or removing the setting.
from xen-api.
I thought the difference was that we installed some certificates by default (and the method that we used to install them changed over time), whereas xcp-ng got 0 certificates by default and the user had to install them.
I don't think that having the ability to install custom certificates in XenServer would be bad, it might be a useful feature, but it isn't something we'd advertise in the UI, or (initially) support customers to do, and because we don't strictly need it, we likely wouldn't test it.
But just like with all the other experimental and unsupported features in XAPI if someone from the CLI does it then if they break it is their responsibility to fix.
If we can keep the code simpler by having just 2 code paths (XenServer default and Xcp-ng default) instead of 3 or 4, then that might be better
from xen-api.
cc @mg12 who worked on the original flag in XS for this.
from xen-api.
maybe for a short while we need to do something on upgrades to still recognize the old xapi.conf field
If it's just ignored when present, without causing XAPI to fail, that's enough for me. Only beta-testers of XCP-ng 8.3 are concerned on our side, and we override xapi.conf when the defaults change in it (this is because defaults in XAPI code are tailored for XenServer, so xapi.conf is our way to set our XCP-ng settings. Users are redirected to xapi.conf.d if they need to add or change a setting).
from xen-api.
Related Issues (20)
- Missing systemd service files, referenced by `xapi.service` HOT 1
- xapi start blocked without a diagnostic when `squeezed` is not running
- `make install` discrepancy on `xenopsd` `libexec` HOT 3
- hardcoded path to `igmp_query_injector.py` HOT 2
- SMT discoverability: add thread_per_core info in host.cpu_info HOT 4
- XAPI could store reference to block-device as by-(uu)id when presented an enumeration-dependant dev path
- [SMAPIv3] `VDI.copy` generates an error, then logs at debug level it is safe to ignore
- multiple dom0 attach failed with SMAPIv3 HOT 1
- [SMAPIv3] Error accessing device in `xe vbd-plug` leaves device "half plugged"
- [SMAPIv3] `xe vdi-create` leaves VDI half-created on error in `Volume.set` for `vdi-type=user`
- [SMAPIv3] `xe sr-create` does not report an error when `SR.attach` fails HOT 1
- [RFC] New API methods to let clients display accurate status about SecureBoot and UEFI certs HOT 2
- Allowing xe VM import URL via HTTPS
- "Emergency Network Reset" interferes with `network-init` when trying to fix VLAN specification
- Firstboot script failures not reported to the user
- Use host FQDN in VM console URLs HOT 1
- setting back `is-a-template=false` on a VM causes inconsistent state
- ISO SR is confused by unreadable files
- Reduce freeze time when suspending a VM HOT 2
- Support Chunk encoding
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from xen-api.