Keep feature/throttling up to date with master#6842
Merged
Conversation
This change introduces a new pool-level parameter that restricts VNC console access to a single active session per VM/host. This prevents multiple users from simultaneously connecting to the same VM console, preventing one user 'watching' another user operating a session. When the `limit_console_sessions` is true. - Enforced a single active VNC console connection per VM/host - Disable connection to websocket Signed-off-by: Stephen Cheng <stephen.cheng@cloud.com>
…6660) This change introduces a new pool-level parameter that restricts VNC console access to a single active session per VM/host. This prevents multiple users from simultaneously connecting to the same VM console, preventing one user 'watching' another user operating a session. When the `limit_console_sessions` is true. - Enforced a single active VNC console connection per VM/host - Disable connection to websocket
The field sets the maximum time (in seconds) that a VM's console can be idle before it is automatically disconnected. The default value 0 means never timeout. This setting applies only to VM consoles; for host consoles, use the separate parameter 'host.console_idle_timeout'. Signed-off-by: Stephen Cheng <stephen.cheng@cloud.com>
To avoid CI format check error
The parser only parses the message types for client-to-server messsages, aiming to identify message types from clients. Signed-off-by: Stephen Cheng <stephen.cheng@cloud.com>
Two commands are used to set max_cstate: xenpm to set at runtime and xen-cmdline to set it in grub conf file to take effect after reboot. Signed-off-by: Changlei Li <changlei.li@cloud.com>
String is used to represent the max_cstate and max_sub_cstate. "" -> unlimited "N" -> max cstate CN "N,M" -> max cstate CN with max sub state M Just follow the xen-cmdline cstate, see https://xenbits.xen.org/docs/unstable/misc/xen-command-line.html#max_cstate-x86 Signed-off-by: Changlei Li <changlei.li@cloud.com>
Signed-off-by: Changlei Li <changlei.li@cloud.com>
C-states are power management states for CPUs where higher numbered
states represent deeper sleep modes with lower power consumption but
higher wake-up latency. The max_cstate parameter controls the deepest
C-state that CPUs are allowed to enter.
Common C-state values:
- C0: CPU is active (not a sleep state)
- C1: CPU is halted but can wake up almost instantly
- C2: CPU caches are flushed, slightly longer wake-up time
- C3+: Deeper sleep states with progressively longer wake-up times
To set max_cstate on dom0 host, two commands are used: `xenpm` to set at
runtime and `xen-cmdline` to set it in grub conf file to take effect
after reboot.
xenpm examples:
```
# xenpm set-max-cstate 0 0
max C-state set to C0
max C-substate set to 0 succeeded
# xenpm set-max-cstate 0
max C-state set to C0
max C-substate set to unlimited succeeded
# xenpm set-max-cstate unlimited
max C-state set to unlimited
# xenpm set-max-cstate -1
Missing, excess, or invalid argument(s)
```
xen-command-line examples:
```
/opt/xensource/libexec/xen-cmdline --get-xen max_cstate
"" -> unlimited
"max_cstate=N" -> max cstate N
"max_cstate=N,M" -> max cstate N, max c-sub-state M *)
/opt/xensource/libexec/xen-cmdline --set-xen max_cstate=1
/opt/xensource/libexec/xen-cmdline --set-xen max_cstate=1,0
/opt/xensource/libexec/xen-cmdline --delete-xen max_cstate
```
[xen-command-line.max_cstate](https://xenbits.xen.org/docs/unstable/misc/xen-command-line.html#max_cstate-x86).
This PR adds a new field `host.max_cstate` to manage host's max_cstate.
`host.set_max_cstate` use the two commands mentioned above to configure.
While dbsync on xapi start, the filed will be synced by `xen-cmdline
--get-xen max_cstate`
Signed-off-by: Changlei Li <changlei.li@cloud.com>
- write ntp servers to chrony.conf - interaction with dhclient - handle /run/chrony-dhcp/$interface.sources - handle chrony.sh - restart/enable/disable chronyd Signed-off-by: Changlei Li <changlei.li@cloud.com>
This commit adds idle timeout feature for vnc console connections. Key changes: - Add idle timeout detection by monitoring RFB keyEvent and pointerEvent. - Add callback function to `proxy` to parse the RFB messages and determine if the connection is idle or not. Signed-off-by: Stephen Cheng <stephen.cheng@cloud.com>
This commit adds idle timeout feature for vnc console connections. Key changes: - Add idle timeout detection by monitoring RFB keyEvent and pointerEvent. - Add callback function to `proxy` to parse the RFB messages and determine if the connection is idle or not.
Add detailed reason in http response when console connection limits are exceeded. Signed-off-by: Stephen Cheng <stephen.cheng@cloud.com>
Signed-off-by: Changlei Li <changlei.li@cloud.com>
Signed-off-by: Changlei Li <changlei.li@cloud.com>
At XAPI start, check the actual NTP config to determine the ntp mode, ntp enabled, ntp custom servers and store in xapi DB. Signed-off-by: Changlei Li <changlei.li@cloud.com>
Signed-off-by: Changlei Li <changlei.li@cloud.com>
Signed-off-by: Changlei Li <changlei.li@cloud.com>
New filed: `host.ntp_mode`, `host.ntp_custom_servers` New API: `host.set_ntp_mode`, `host.set_ntp_custom_servers`, `host.get_ntp_mode`, `host.get_ntp_custom_servers`, `host.get_ntp_servers_status`. **ntp_mode_dhcp**: In this mode, ntp uses the dhcp assigned ntp servers as sources. In Dom0, dhclient triggers `chrony.sh` to update the ntp servers when network event happens. It writes ntp servers to `/run/chrony-dhcp/$interface.sources` and the dir `/run/chrony-dhcp` is included in `chrony.conf`. The dhclient also stores dhcp lease in `/var/lib/xcp/dhclient-$interface.leases`, see https://github.com/xapi-project/xen-api/blob/v25.31.0/ocaml/networkd/lib/network_utils.ml#L925. When switch ntp mode to dhcp, XAPI checks the lease file and finds ntp server then fills chrony-dhcp file. The exec permission of `chrony.sh` is added. When swith ntp mode from dhcp to others, XAPI removes the chrony-dhcp files and the exec permission of `chrony.sh`. The operation is same with xsconsole https://github.com/xapi-project/xsconsole/blob/v11.1.1/XSConsoleData.py#L593. In this feature, xsconsole will change to use XenAPI to manage ntp later to avoid conflict. **ntp_mode_custom**: In this mode, ntp uses `host.ntp_custom_servers` as sources. This is implemented by changing `chrony.conf` and restart chronyd. `host.ntp_custom_servers` is set by the user. **ntp_mode_default**: In this mode, ntp uses default-ntp-servers in XAPI config file.
For example, the legacy default ntp servers are [0-3].centos.pool.ntp.org, and current default ntp servers are [0-3].xenserver.pool.ntp.org. After update or upgrade, the legacy default ntp servers are recognized and changed to current default ntp servers. The mode is ntp_mode_default as well. Signed-off-by: Changlei Li <changlei.li@cloud.com>
For example, the legacy default ntp servers are `[0-3].centos.pool.ntp.org`, and current default ntp servers are `[0-3].xenserver.pool.ntp.org`. After update or upgrade, the legacy default ntp servers are recognized and changed to current default ntp servers. The mode is `ntp_mode_default` as well. Add a new config option named legacy-default-ntp-servers. It will be defined in xapi.conf.d/xenserver.conf (the same with default-ntp-servers)
Fix conflicts Signed-off-by: Stephen Cheng <stephen.cheng@citrix.com>
Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
This commit adds three fields to VM_metrics: - numa_optimised: bool - whether a VM is optimised for NUMA - numa_nodes: int - number of NUMA nodes associated with VM - numa_node_memory: Map(int, int) - amount of VM memory in NUMA node X Signed-off-by: Christian Pardillo Laursen <christian.pardillolaursen@citrix.com>
Signed-off-by: Christian Pardillo Laursen <christian.pardillolaursen@citrix.com>
The error is insufficient to know what capabilities are missing, consolidating code before the change is useful Signed-off-by: Pau Ruiz Safont <pau.safont@vates.tech>
The error does not make it clear at all what are the capabilities that are stopping it from supporting migration, which makes debugging issues difficult, add a string that contains them. This can be easily ignored by default in clients, but the information is easily available if needed. Signed-off-by: Pau Ruiz Safont <pau.safont@vates.tech>
…ror (#6829) The error does not make it clear at all what are the capabilities that are stopping it from supporting migration, which makes debugging issues difficult, add a string that contains them. This can be easily ignored by default in clients, but the information is easily available if needed. We have come up with an issue where the migration is blocked, but the SM seems to report the correct capabilities, so more information is needed to understand the error.
Signed-off-by: Changlei Li <changlei.li@cloud.com>
The param_release in create_params is not generated automatically. I have checked the commits when they are added and their next tag to determine which version they are in.
The bug is present in the if option, which mangles the matches inside any if expression. ocaml-ppx/ocamlformat#2766 Work around it using the k-r option. It's not how we want it, but it's the closest Signed-off-by: Pau Ruiz Safont <pau.safont@vates.tech>
Signed-off-by: Pau Ruiz Safont <pau.safont@vates.tech>
Signed-off-by: Pau Ruiz Safont <pau.safont@vates.tech>
We're changing the formatting of the ifs because of a bug in ocamlformat, but otherwise the changes to jump to the newest version are needed anyway
9a468bf updated samba to 4.2x and keep legacy configuration in smb.conf conditionally for backward compatibility. Now samba binary is updated in all releases, this commit just drop the legacy configurations Signed-off-by: Lin Liu <lin.liu01@citrix.com>
Small updates to schema hash and format after merging origin/master into the branch. Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
The feature branch was updated: * adjust schema hash * reformat to adapt to new ocamlformat * updated API lifecycle (which is auto-generated)
Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
https://xenbits.xen.org/gitweb/?p=xen.git;a=commitdiff;h=e36c106b0b0e66c43855cdfdb6d41356c57ec577 Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
https://xenbits.xen.org/gitweb/?p=xen.git;a=commitdiff;h=fb45a35ad7832ea606fa741e10bacd5691b1dd65 Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
DNF5 logs command-line arguments to /var/log/dnf5.log, exposing proxy_password when passed via `dnf config-manager setopt`. Write proxy credentials directly to the .repo file (mode 0o400) and remove them after sync completes to avoid password exposure in logs. Signed-off-by: Stephen Cheng <stephen.cheng@citrix.com>
9a468bf updated samba to 4.2x and keep legacy configuration in smb.conf conditionally for backward compatibility. Now samba binary is updated in all releases, this commit just drop the legacy configurations
Signed-off-by: Stephen Cheng <stephen.cheng@citrix.com>
When a CDR is removed from an ISO SR the corresponding VDI is deleted. This is not obvious in the logs because some logs refer to the VDI by reference and others by UUID. Tie this together. Signed-off-by: Christian Lindig <christian.lindig@citrix.com>
When a CDR is removed from an ISO SR the corresponding VDI is deleted. This is not obvious in the logs because some logs refer to the VDI by reference and others by UUID. Tie this together.
…ne (#6836) DNF5 logs command-line arguments to /var/log/dnf5.log, exposing proxy_password when passed via `dnf config-manager setopt`. Write proxy credentials directly to the .repo file (mode 0o400) and remove them after sync completes to avoid password exposure in logs. Tested: 4530865 CloudRepoUpdate With the fix, threre's no password. ``` # grep password /var/log/dnf5* [root@genus-34-01d ~]# ``` 4530867 CloudRepoUpdate Without the fix, there're passwords in the logs. ``` # grep password /var/log/dnf5* /var/log/dnf5.log:2026-01-14T09:44:42+0000 [33030] INFO --- DNF5 launched with arguments: "/usr/bin/dnf config-manager setopt remote-49e2ea36-154c-9fd4-51bb-4b319d25d05a.proxy=http://10.62.50.94:3128 remote-49e2ea36-154c-9fd4-51bb-4b319d25d05a.proxy_username=debian remote-49e2ea36-154c-9fd4-51bb-4b319d25d05a.proxy_password=JwNm8I2rAxlB" --- /var/log/dnf5.log.1:2026-01-14T09:44:42+0000 [33023] INFO --- DNF5 launched with arguments: "/usr/bin/dnf config-manager setopt remote-9b300a0d-765a-3426-5ad2-0384bc427c28.proxy=http://10.62.50.94:3128 remote-9b300a0d-765a-3426-5ad2-0384bc427c28.proxy_username=debian remote-9b300a0d-765a-3426-5ad2-0384bc427c28.proxy_password=JwNm8I2rAxlB" --- ```
This patch adds a helper to compute the free space on a SR. It is used to check that the suspend SR has enough space when creating a snapshot with memory. If there is not enough space, SR_SUSPEND_SPACE_INSUFFICIENT is raised. Signed-off-by: Guillaume <guillaume.thouvenin@vates.tech>
If you do not know the amount of space required when calling this function, you can pass None. This patch allows us to detect, before attempting to save the VM state, that there is not enough available space on the SR. We have seen failures for some customers when snapshotting with memory, and it was not easy to determine that the SR did not have enough space, because it was not the SR on which the VM was resident. With this patch, the error is clearer and is raised much earlier.
changlei-li
approved these changes
Jan 20, 2026
lindig
approved these changes
Jan 20, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
16 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.