cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chiradeep Vittal" <chirade...@gmail.com>
Subject Re: Review Request 13496: changes for guest vm password script for parallel vm deployment
Date Tue, 13 Aug 2013 01:12:59 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/13496/#review25048
-----------------------------------------------------------


#1. if you add fork to the TCP_LISTEN option of SOCAT, then it will fork a process for each
connection, allowing more parallelism
#2. There is a bug in serve_password.sh (see below)
#3. You can also add 'su=nobody' to the TCP4_LISTEN option to increase the security of the
procedure (after all we are blindly accepting strings from potentially untrusted vm)

diff --git a/patches/systemvm/debian/config/opt/cloud/bin/passwd_server_ip b/patches/systemvm/debian/config/opt/cloud/bin/passwd_server_ip
index 8d62dff..4622860 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/passwd_server_ip
+++ b/patches/systemvm/debian/config/opt/cloud/bin/passwd_server_ip
@@ -20,7 +20,7 @@
 addr=$1;
 while [ "$ENABLED" == "1" ]
 do
-       socat -lf /var/log/cloud.log TCP4-LISTEN:8080,reuseaddr,crnl,bind=$addr SYSTEM:"/opt/cloud/bin/serve_password.sh
\"\$SOCAT_PEERADDR\""
+       socat -lf /var/log/cloud.log TCP4-LISTEN:8080,reuseaddr,su=nobody,fork,crnl,bind=$addr
SYSTEM:"/opt/cloud/bin/serve_password.sh \"\$SOCAT_PEERADDR\""
 
        rc=$?
        if [ $rc -ne 0 ]
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/serve_password.sh b/patches/systemvm/debian/config/opt/cloud/bin/serve_password.sh
index b829b54..a3a2732 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/serve_password.sh
+++ b/patches/systemvm/debian/config/opt/cloud/bin/serve_password.sh
@@ -62,7 +62,7 @@ do
                break
        fi
 
-       request=$(echo $input | grep "DomU_Request:" | cut -d: -f2 | sed 's/^[ \t]*//')
+       request=$(echo "$input" | grep "DomU_Request:" | cut -d: -f2 | sed 's/^[ \t]*//')
 
        if [ "$request" != "" ]
        then

- Chiradeep Vittal


On Aug. 12, 2013, 1:24 p.m., Jayapal Reddy wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/13496/
> -----------------------------------------------------------
> 
> (Updated Aug. 12, 2013, 1:24 p.m.)
> 
> 
> Review request for cloudstack, anthony xu, Abhinandan Prateek, Chiradeep Vittal, and
Sheng Yang.
> 
> 
> Bugs: CLOUDSTACK-4184
> 
> 
> Repository: cloudstack-git
> 
> 
> Description
> -------
> 
> For parallel vm deployment guest vm password script is fixed by retrying after random
sleep on failure.
> 
> Please review the changes and provide your comments so that I can commit this.
> 
> For windows guest VM script, changes for parallel vm deployment is not added.
> 
> 
> Diffs
> -----
> 
>   setup/bindir/cloud-set-guest-password.in 3215894 
> 
> Diff: https://reviews.apache.org/r/13496/diff/
> 
> 
> Testing
> -------
> 
> Tested by deploying 30 vms. All vms set its password successfully.
> 
> 
> Thanks,
> 
> Jayapal Reddy
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message