Merge master to feature/trusted-certs (#7010)

```diff
commit 4da9ef6
Merge: 1c49383 043e6bd
Author: Ming Lu <ming.lu@cloud.com>
Date:   Wed Apr 15 09:56:22 2026 +0800

    Merge branch 'master' into private/mingl/feature/trusted-certs

diff --cc ocaml/idl/datamodel_common.ml
index 93a3fbc,0fe08b11c..25e689f
--- a/ocaml/idl/datamodel_common.ml
+++ b/ocaml/idl/datamodel_common.ml
@@@ -3,21 -3,21 +3,21 @@@
  open Datamodel_types
  open Lifecycle
  open Datamodel_roles
  
  (* IMPORTANT: Please bump schema vsn if you change/add/remove a _field_.
                You do not have to bump vsn if you change/add/remove a message
                When introducing a new release, bump the schema minor version to the next hundred
                to leave a gap for potential hotfixes needing to increment the schema version.*)
  let schema_major_vsn = 5
  
- let schema_minor_vsn = 794
 -let schema_minor_vsn = 901
++let schema_minor_vsn = 902
  
  (* Historical schema versions just in case this is useful later *)
  let rio_schema_major_vsn = 5
  
  let rio_schema_minor_vsn = 19
  
  let miami_release_schema_major_vsn = 5
  
  let miami_release_schema_minor_vsn = 35
  
diff --cc ocaml/idl/schematest.ml
index e92f9e9,c963c8f11..a7fc9bd
--- a/ocaml/idl/schematest.ml
+++ b/ocaml/idl/schematest.ml
@@@ -1,16 -1,16 +1,16 @@@
  let hash x = Digest.string x |> Digest.to_hex
  
  (* BEWARE: if this changes, check that schema has been bumped accordingly in
     ocaml/idl/datamodel_common.ml, usually schema_minor_vsn *)
  
- let last_known_schema_hash = "ce90c659723cbcd5265e4dd856802b74"
 -let last_known_schema_hash = "32bbba07579ca8844fa6162164530268"
++let last_known_schema_hash = "a64e7e1133a10add1b39d22cd6bbc352"
  
  let current_schema_hash : string =
    let open Datamodel_types in
    let hash_of_obj x =
      List.map rpc_of_content x.contents
      |> List.map Jsonrpc.to_string
      |> String.concat ""
      |> hash
    in
    Datamodel.all_system |> List.map hash_of_obj |> String.concat ":" |> hash

Author: minglumlu

.gitignore

@@ -7,6 +7,8 @@ _coverage/
 *.swp
 compile_flags.txt
 _opam
+**/*.[ch]~
+.zed/
 
 # tests
 xapi-db.xml

doc/content/design/external-auth-ldaps.md

@@ -91,8 +91,9 @@ Given `ldaps` default to `false`, this feature is **NOT** enabled until explicit
 
 #### 3.1.2 Error code
 Following new error codes added to indicate ldaps enable related error
-- AUTH_NO_CERT,  no certs can be used for ldaps, refer to 4.1.2 for certs finding.
-- AUTH_INVALID_CERT, found certs, but none of the certs can be used to connect to DC
+- POOL_AUTH_ENABLE_FAILED_NO_CERTS,  no certs can be used for ldaps, refer to 4.1.2 for certs finding.
+- POOL_AUTH_ENABLE_FAILED_INVALID_CERTS, found certs, but none of the certs can be used to connect to DC
+**Note**: Current error code handing infrustrucure requires the error code prefix with POOL_AUTH_ENABLE_FAILED
 
 ### 3.2 Set/Get Pool LDAPS Status
 
@@ -137,7 +138,7 @@ This API may raise following errors
 - AUTH_NO_CERT, no certs found to enable ldaps, refer to 4.1.2 for certs finding
 - AUTH_INVALID_CERT, found certs, but none of the certs can be used to connect to DC
 - AUTH_IS_DISABLED, AD is not enabled
-- AUTH_LDAPS_PING_FAILED,  failed to do ldaps query on all DCs with valid certs
+- AUTH_SET_LDAPS_FAILED,  Failed to set ldaps, the error message contains the details like ldap query on domain failed
 
 #### 3.2.2 Get Pool LDAPS Status
 
@@ -211,24 +212,6 @@ This design is following [trusted-certificates.md](https://github.com/xapi-proje
 - `pool.external_auth_set_ldaps` API
 - (Re)join domain
 
-### 4.2 Xapi Configuration
-
-#### 4.2.1 winbind-tls-verify-peer
-
-For security, xapi asks winbind to verify CA certificate. `ca_and_name_if_available` is the default.
-
-However, user may want to disable this verification for debug purpose.
-
-`winbind-tls-verify-peer` is introduced for xapi configuration, and the possible values are `no_check`, `ca_only`, `ca_and_name_if_available`, `ca_and_name` and `as_strict_as_possible`.
- The configured value will override  `tls verify peer` value in xapi generated samba configuration. Refer to [smb.conf](https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html) for the details.
-
-
-**Note:** This item is not intended for public documentation. This is only for debug purpose, or system tuning for specific scenarios from engineering/support team.
-
-#### 4.2.2 ad-warning-message-interval
-
-xapi sends warning message to user with this interval on LDAP query failure. Default to 1 week. Refer to section "Session revalidate" for the details.
-
 ## 5. Session Revalidate
 
 xapi LDAP queries domain user status (if user has been added to manage XenServer) at configurable interval, and destroys the session created by domain user if user no longer in healthy status.
@@ -238,23 +221,11 @@ However, the LDAP query may fail due to various issues as follows:
 - Temporary network issues
 - CA certificate is not properly configured, or expired, etc.
 
-Instead of destroying user session for stability, a warning message will be sent to user with the details at configurable interval `ad-warning-message-interval`.
-
-- If no LDAP error, do nothing
-- If error happens, send the warning message if:
-  - first time see the error through xapi start up (so no need to persist last send time) or
-  - `current_time - last_sent_time > winbind_warning_message_interval`
-
-The message is defined as follows:
-- name: AD_DC_LDAP_CHECK
-- priority: Warning
-- cls: `Host
-- Body: LDAP(S) query check to `<DC>` of `<domain>` failed from `<host>` of `<pool>`
+Instead of destroying user session for stability, a warning will be printed in xensource.log
 
 Note:
 - The backend session revalidate check only performs on pool coordinator, thus the backend LDAP(S) query check only on coordinator
 - `external_auth_set_ldaps` perform LDAP(S) query check on every host
-- All previous AD_DC_LDAP_CHECK warning of a host will be cleaned on a successful LDAP(s) query from that host
 
 ## 6. Pool Join/Leave
 

dune-project

@@ -179,6 +179,8 @@
   (xapi-types
    (= :version))
   (xapi-stdext-zerocheck
+    (= :version))
+  (xapi-work-queues
     (= :version)))
  (synopsis "A CLI for xapi storage services")
  (description
@@ -191,7 +193,8 @@
  (name xapi-schema))
 
 (package
-  (name xapi-work-queues))
+ (name xapi-work-queues)
+ (depends ppx_deriving_rpc xapi-stdext-threads))
 
 (package
  (name rrdd-plugin)
@@ -235,6 +238,7 @@
   fmt
   logs
   mtime
+  rpclib
   (xapi-stdext-pervasives (= :version))))
 
 (package
@@ -326,6 +330,7 @@
   xapi-stdext-pervasives
   xapi-stdext-unix
   xapi-stdext-zerocheck
+  xapi-work-queues
   xen-api-client
   xen-api-client-lwt
   xenctrl
@@ -364,6 +369,7 @@
   rrdd-plugin
   xapi-stdext-std
   xapi-tracing-export
+  xapi-work-queues
   xen-api-client
   (alcotest :with-test)
   (ppx_deriving_rpc :with-test)
@@ -482,6 +488,8 @@
    (= :version))
   (xapi-types
    (= :version))
+  (xapi-work-queues
+   (= :version))
   (xen-api-client-lwt
    (= :version))
   xenctrl ; for quicktest

ocaml/database/dune

@@ -53,7 +53,6 @@
   httpsvr
   unix
   uuid
-  backtrace
   xapi-datamodel
   xapi-log
   (re_export xapi-schema)

ocaml/database/parse_db_conf.ml

@@ -173,8 +173,9 @@ let parse_db_conf s =
     sanity_check !connections ;
     !connections
   with exn ->
+    let bt = Printexc.get_raw_backtrace () in
     error "Database config parse failed: %s" (Printexc.to_string exn) ;
-    Backtrace.reraise exn Cannot_parse_database_config_file
+    Printexc.raise_with_backtrace Cannot_parse_database_config_file bt
 
 let get_db_conf path =
   if Sys.file_exists path then

ocaml/forkexecd/lib/dune

@@ -12,7 +12,6 @@
    rpclib.xml
    unix
    uuid
-   backtrace
    xapi-log
    xapi-stdext-pervasives
    xapi-stdext-unix

ocaml/forkexecd/lib/fe_systemctl.ml

@@ -158,7 +158,7 @@ let start_transient ?env ?properties ?(exec_ty = Type.Simple) ~service cmd args
   ) ;
   try start_transient ?env ?properties ~exec_ty ~service cmd args
   with e ->
-    Backtrace.is_important e ;
+    let bt = Printexc.get_raw_backtrace () in
     (* If start failed we do not know what state the service is in:
      * try to stop it and clean up.
      * Stopping could fail as well, in which case report the original exception.
@@ -168,4 +168,4 @@ let start_transient ?env ?properties ?(exec_ty = Type.Simple) ~service cmd args
         ()
       with _ -> ()
     ) ;
-    raise e
+    Printexc.raise_with_backtrace e bt

ocaml/gencert/dune

@@ -18,7 +18,7 @@
     rresult
     unix
     x509
-    backtrace
+    xapi-log.backtrace
     xapi-consts
     xapi-log
     xapi-inventory

ocaml/idl/datamodel.ml

@@ -11037,7 +11037,7 @@ let http_actions =
   ; ( "get_vm_rrds"
     , ( Get
       , "/vm_rrds"
-      , true
+      , false
       , [String_query_arg "uuid"; Bool_query_arg "json"]
       , _R_READ_ONLY
       , []
@@ -11054,7 +11054,7 @@ let http_actions =
     )
     (* For XC < 8460 compatibility, remove when out of support *)
   ; ( "get_host_rrds"
-    , (Get, "/host_rrds", true, [Bool_query_arg "json"], _R_READ_ONLY, [])
+    , (Get, "/host_rrds", false, [Bool_query_arg "json"], _R_READ_ONLY, [])
     )
   ; ( Constants.get_sr_rrd
     , ( Get

ocaml/idl/datamodel_common.ml

@@ -10,7 +10,7 @@ open Datamodel_roles
               to leave a gap for potential hotfixes needing to increment the schema version.*)
 let schema_major_vsn = 5
 
-let schema_minor_vsn = 794
+let schema_minor_vsn = 902
 
 (* Historical schema versions just in case this is useful later *)
 let rio_schema_major_vsn = 5