cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-8272) Improve password serving script by making it non-blocking non-locking concurrent server
Date Tue, 10 Mar 2015 10:57:39 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-8272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14354708#comment-14354708
] 

ASF GitHub Bot commented on CLOUDSTACK-8272:
--------------------------------------------

Github user brutasse commented on a diff in the pull request:

    https://github.com/apache/cloudstack/pull/106#discussion_r26112215
  
    --- Diff: systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip.py ---
    @@ -0,0 +1,204 @@
    +#!/usr/bin/env python
    +# Licensed to the Apache Software Foundation (ASF) under one
    +# or more contributor license agreements.  See the NOTICE file
    +# distributed with this work for additional information
    +# regarding copyright ownership.  The ASF licenses this file
    +# to you under the Apache License, Version 2.0 (the
    +# "License"); you may not use this file except in compliance
    +# with the License.  You may obtain a copy of the License at
    +#
    +#   http://www.apache.org/licenses/LICENSE-2.0
    +#
    +# Unless required by applicable law or agreed to in writing,
    +# software distributed under the License is distributed on an
    +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    +# KIND, either express or implied.  See the License for the
    +# specific language governing permissions and limitations
    +# under the License.
    +#
    +# Client usage examples;
    +# Getting password:
    +#   wget -q -t 3 -T 20 -O - --header "DomU_Request: send_my_password" <routerIP>:8080
    +# Send ack:
    +#   wget -t 3 -T 20 -O - --header "DomU_Request: saved_password" localhost:8080
    +# Save password only from within router:
    +#   /opt/cloud/bin/savepassword.sh -v <IP> -p <password>
    +#   curl --header "DomU_Request: save_password" http://localhost:8080/ -F ip=<IP>
-F password=<passwd>
    +
    +import binascii
    +import cgi
    +import os
    +import sys
    +import syslog
    +import threading
    +import time
    +import urlparse
    +
    +from BaseHTTPServer   import BaseHTTPRequestHandler, HTTPServer
    +from SocketServer     import ThreadingMixIn, ForkingMixIn
    +
    +# Global password map
    +passMap = {}
    +secureToken = None
    +
    +# Global passMap lock
    +lock = threading.Lock()
    +
    +def getTokenFile():
    +    return "/tmp/passwdsrvrtoken"
    +
    +def getPasswordFile():
    +    return "/var/cache/cloud/passwords"
    +
    +def initToken():
    +    global secureToken
    +    f = open(getTokenFile(), "w")
    +    secureToken = binascii.hexlify(os.urandom(16))
    +    f.write(secureToken)
    +    f.close()
    +
    +def checkToken(token):
    +    global secureToken
    +    return token == secureToken
    +
    +def loadPasswordFile():
    +    global passMap
    +    if os.path.exists(getPasswordFile()):
    +        f = open(getPasswordFile(), "r")
    +        data = f.read()
    +        f.close()
    +        for line in data.split("\n"):
    +            splitLine = line.split("=")
    +            if len(splitLine) == 2:
    +                passMap[splitLine[0]] = splitLine[1]
    +
    +def savePasswordFile():
    +    global passMap, lock
    +    lock.acquire()
    +    try:
    +        f = open(getPasswordFile(), "w")
    +        for ip in passMap.keys():
    +            f.write("%s=%s\n" % (ip, passMap[ip]))
    +        f.close()
    +    except IOError, e:
    +        syslog.syslog("serve_password: Unable to save to password file %s" % e)
    +    finally:
    +        lock.release()
    +
    +def getPassword(ip):
    +    global passMap
    +    if ip in passMap:
    +        return passMap[ip]
    +    return None
    +
    +def setPassword(ip, password):
    +    global passMap, lock
    +    if ip == None or ip == "" or password == None or password == "":
    --- End diff --
    
    You could simply test for `if not ip or not password`


> Improve password serving script by making it non-blocking non-locking concurrent server
> ---------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-8272
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8272
>             Project: CloudStack
>          Issue Type: Improvement
>      Security Level: Public(Anyone can view this level - this is the default.) 
>    Affects Versions: 4.5.0, 4.6.0, 4.4.2, 4.3.2
>            Reporter: Rohit Yadav
>            Assignee: Rohit Yadav
>              Labels: virtualrouter
>             Fix For: 4.5.0, 4.6.0
>
>
> The current reset password server serves one user VM at a time, uses a global lock per
VR and slows up VM starting process for a VM that is created by a template with reset password
scripts. No only reset password option, but when the VM starts for the first time this happens.
The way it serves password uses forking the process/scripts which eats up resources in both
process table and memory. For a concurrent launch of 30+ VM the VR hangs/fails. Possible solution
in the past includes increase the VR memory.
> The solution would be to implement a concurrent single-process multi-threaded password
server that works both in basic/isolated network and in VPCs. It's hard to do this in bash,
so we can either implement a backward compatible python script that replaces the present bash
script, or a compiled program (like a native tool) in C/C++/Go/Rust.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message