<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Aug 7, 2017 at 11:06 PM, Nir Soffer <span dir="ltr"><<a href="mailto:nsoffer@redhat.com" target="_blank">nsoffer@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><span class=""><div dir="ltr">On Mon, Aug 7, 2017 at 5:28 PM Roy Golan <<a href="mailto:rgolan@redhat.com" target="_blank">rgolan@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>Still someone could call conirmConnectivity, no? so the state isn't guarded from localhost tinkering anyhow. If you really need a solution you can acuire a token for this operation by setupNetworks, and confirm connectivity with this token passed back.<br><br></div><div>I'm not sure about the severity of the problem here, I'll let other reply, but I'm against this kind of solution.<br></div><div> <br></div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Mon, 7 Aug 2017 at 15:32 Petr Horacek <<a href="mailto:phoracek@redhat.com" target="_blank">phoracek@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br>
<br>
current VDSM ping verb has a problem - it confirms network<br>
connectivity as a side-effect. After Engine calls setupNetwork it<br>
pings VDSM host to confirm that external network connectivity is not<br>
broken. This prohibits other users to call ping from localhost since<br>
it would confirm connectivity even though networking could be broken.<br></blockquote></div></blockquote><div><br></div></span><div>Vdsm can save the client ip setting up the network. Getting a ping from this</div><div>client can confirm that the connectivity was restored. pings from other hosts</div><div>can be ignored.</div><div><br></div><div>The client address is available in a thread local variable (context.client_host)</div><div>during all api calls. see vdsm.common.api.context_<wbr>string() for example usage.</div><div><br></div><div>This infrastructure is available in 4.1.</div></div></div></blockquote><div><br></div><div>The proposed solution is focused on making sure a command does one thing and not two:<br></div><div>A ping that has no side effects and a "watchdog" mechanism to confirm connectivity.<br><br></div><div>Does it make sense to confirm connectivity from localhost? In many cases it probably does not,<br>but there may be cases where it does make sense... it is not the functionality to determine what<br></div><div>makes sense or not, it is the usage of it who has the responsibility to use it correctly.<br><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><span class="HOEnZb"><font color="#888888"><div><br></div><div>Nir</div></font></span><span class=""><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
In order to fix this problem ping should be split to ping2 (which just<br>
returns Success with no side-effect) and confirmConnectivity. Change<br>
on VDSM side was introduced in [1], we still need to expose new verbs<br>
in Engine.<br>
<br>
Regards,<br>
Petr<br>
<br>
[1] <a href="https://gerrit.ovirt.org/#/c/80119/" rel="noreferrer" target="_blank">https://gerrit.ovirt.org/#/c/<wbr>80119/</a><br>
______________________________<wbr>_________________<br>
Devel mailing list<br>
<a href="mailto:Devel@ovirt.org" target="_blank">Devel@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/devel" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/devel</a><br>
</blockquote></div>
______________________________<wbr>_________________<br>
Devel mailing list<br>
<a href="mailto:Devel@ovirt.org" target="_blank">Devel@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/devel" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/devel</a></blockquote></span></div></div>
<br>______________________________<wbr>_________________<br>
Devel mailing list<br>
<a href="mailto:Devel@ovirt.org">Devel@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/devel" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/devel</a><br></blockquote></div><br></div></div>