cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nux! <...@li.nux.ro>
Subject Re: [DISCUSS] VR Password server improvement and expiring
Date Wed, 11 Mar 2015 17:36:30 GMT
> Lucian - in the proposal what I meant to say was that in case a password was
> sent to a user VM but the user VM does not respond with an ack (so as to remove
> the password from its storage/memory) should it expiry it after a period of say
> 15 mins?

Rohit, seeing that there is logic built into these scripts, then the expected action would
be to just wait for the script's ACK indefinitely.
If the ACK doesn't come it means the VM is either crashed, or stopped (waiting to be started
when the customer wants) etc; there is a reason behind it.

> Pierre - I would be happy to implement a SSL based http server which is my next
> step though I’m not sure about the logistics of adding the SSL scripts etc,
> which could be similar how it is done for the CPVM/SSVM. The first step is to
> remove bash/socat based password server with a Python based server that uses
> Threads instead of Forks (so less memory intensive) and cleans up properly.

+1 for SSL, particularly important in basic and adv+sg zones.

Personally I would not change the current implementation since it works well, although I could
see why you would want to as a programmer.
Also, by using a proper programming language you've just locked out non-programmers (like
me) from being able to debug problems with it - not necessarilly a good argument though.

One advantage of the current implementation is that socat can be very easily made to serve
SSL http://www.dest-unreach.org/socat/doc/socat-openssltunnel.html , we might end up using
socat with your program, too.



Lucian

Mime
View raw message