Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CA-384579: Call previous NRPE plugin xapi to resolve certs permission issue #3249

Merged
merged 1 commit into from
Nov 2, 2023
Merged

CA-384579: Call previous NRPE plugin xapi to resolve certs permission issue #3249

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions XenModel/Actions/NRPE/NRPEHostConfiguration.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ public class NRPEHostConfiguration : ICloneable, IEquatable<NRPEHostConfiguratio
public const string XAPI_NRPE_SET_CONFIG = "set-config";
public const string XAPI_NRPE_SET_THRESHOLD = "set-threshold";
public const string XAPI_NRPE_RESTART = "restart";
public const string XAPI_NRPE_CONTROL = "control";

public const string DEBUG_ENABLE = "1";
public const string DEBUG_DISABLE = "0";
Expand Down
24 changes: 23 additions & 1 deletion XenModel/Actions/NRPE/NRPEUpdateAction.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,9 +28,9 @@
* SUCH DAMAGE.
*/

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading;
using XenAPI;


Expand Down Expand Up @@ -104,6 +104,28 @@ private void SetNRPEConfigureForHost(IXenObject o)

private void SetNRPEStatus(IXenObject host, bool enableNRPE)
{
// Workaround for CA-384579 (caused by CA-384572):
// If the certificate used by NRPE was generated in Yangtze it has no permissions.
// We prevent command (start, restart, etc) failures by calling control, which modifies certificate permissions.
// After CA-384572 is resolved we will remove this workaround code.
danilo-delbusso marked this conversation as resolved.
Show resolved Hide resolved
if (enableNRPE)
{
Dictionary<string, string> enableDict = new Dictionary<string, string>
{
{ "enable", "true" }
};
try
{
string controlResult = Host.call_plugin(host.Connection.Session, host.opaque_ref, NRPEHostConfiguration.XAPI_NRPE_PLUGIN_NAME,
BengangY marked this conversation as resolved.
Show resolved Hide resolved
NRPEHostConfiguration.XAPI_NRPE_CONTROL, enableDict);
log.InfoFormat("Run NRPE {0}, return: {1}", NRPEHostConfiguration.XAPI_NRPE_CONTROL, controlResult);
}
catch (Exception e)
{
log.ErrorFormat("Run NRPE {0} failed, error: {1}", NRPEHostConfiguration.XAPI_NRPE_CONTROL, e.Message);
}
}

string nrpeUpdateStatusMethod = enableNRPE ?
NRPEHostConfiguration.XAPI_NRPE_ENABLE : NRPEHostConfiguration.XAPI_NRPE_DISABLE;
string result = Host.call_plugin(host.Connection.Session, host.opaque_ref, NRPEHostConfiguration.XAPI_NRPE_PLUGIN_NAME,
Expand Down
Loading