incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chiradeep Vittal <Chiradeep.Vit...@citrix.com>
Subject Re: review comment for Reset ssh key functional spec
Date Sun, 21 Oct 2012 04:57:19 GMT
Not sure if this discussion came to any conclusion. It is worth noting
that none of the current end-user APIs deal with multiple resources: every
fw rule, vm, volume, snapshot etc is addressed individually.

If you want multiple vms, then you have to consider the case where 10 out
of 100 fail -- what is the expected semantics here? Do you want the API to
return the 10 that failed? Or fail completely? Do you want it to stop at
the first failure? Is there a minimum it needs to do? What is the expected
timeout -- this will depend largely on the number of vms. Do we put a
limit on the number of vms?

It is better IMO to stick to the original design.
--
Chiradeep

On 10/11/12 2:07 AM, "Srinivas Vejalla" <srinivas.vejalla@citrix.com>
wrote:

>We should be able to reset single or multiple VM ssh keys.
>
>Srini//
>
>From: Harikrishna Patnala
>Sent: Thursday, October 11, 2012 2:36 PM
>To: Shweta Agarwal; cloudstack-dev@incubator.apache.org; #Cloud - QA Team
>Subject: RE: review comment for Reset ssh key functional spec
>
>With the current plan, it is targeted to reset ssh for a single VM
>provided in the api call. If we want to support the scenario for multiple
>VMs at a time, we can try out by putting a list of VMs in the api call on
>which resetting can be done.
>
>From: Shweta Agarwal
>Sent: 11 October 2012 13:38
>To: Harikrishna Patnala;
>cloudstack-dev@incubator.apache.org<mailto:cloudstack-dev@incubator.apache
>.org>; #Cloud - QA Team
>Subject: RE: review comment for Reset ssh key functional spec
>
>What about my scenario where in I want to update ssh key of my 100VMs
>having same ssh key pair at one go .
>
>Can we achieve it with current Api implementation .
>
>From: Harikrishna Patnala
>Sent: Thursday, October 11, 2012 12:30 PM
>To: Shweta Agarwal;
>cloudstack-dev@incubator.apache.org<mailto:cloudstack-dev@incubator.apache
>.org>; #Cloud - QA Team
>Subject: RE: review comment for Reset ssh key functional spec
>
>
>*         The required parameters are listed In the FS and there are no
>optional parameters.
>
>*         The password that it will return as a plain text in the
>response.
>
>*         If the User VM is in running state, it is rebooted as part of
>the ssh key reset to update the new ssh public key in VM
>(cloud-set-guest-sshkey script runs as a init service in VM to get the
>new ssh public key from virtual router). If the VM is in stopped state,
>then reset SSH api action won't reboot the VM.
>
>*         But rebooting the VM as part of reset SSH key may lead to the
>loss of VM session. So an optional parameter "forcereboot" can be put in
>the API call with the value "true/false". If the VM is in running state
>and forcereboot is true then VM is rebooted after the reset of SSH key.
>If the VM is in running state and forcereboot is false then an error
>message is prompted saying "VM needs to be stopped".
>
>Please review and comment on this.
>
>Thanks
>Harikrishna
>From: Shweta Agarwal
>Sent: 11 October 2012 10:42
>To: 
>cloudstack-dev@incubator.apache.org<mailto:cloudstack-dev@incubator.apache
>.org>; #Cloud - QA Team; Harikrishna Patnala
>Subject: review comment for Reset ssh key functional spec
>
>
>My review comment for ResetSSHkey Functional spec
>
>*         In the API parameters Please mention which all parameters are
>required and which all are optional.
>
>*         The password which it will return in the response to
>resetSSHKeyForVirtualMachine api will it be encrypted password or in
>plain text .
>
>*         What will happen to the current session of the VM which user
>has  login with the old password when you will change the password
>
>*         More over a design consideration
>
>*         When i have several VM  with same SSH keypair and my private
>key is compromised .I would like to change Keypair of all my VMs having
>old keypair . So  is there a way to do the same  with the current API
>design . I definitely don't want to iterate the entire process Per VM ;if
>I have let say 100 VMs. For example If i give my oldkeypair name and new
>keypair name then it should change the keypair of all the VMs having old
>keypair of my account.
>
>
>
>Thanks
>
>Shweta
>
>
>


Mime
View raw message