
sync master to feature branch#7040

Merged
liulinC merged 90 commits intoxapi-project:feature/ldapsfrom
liulinC:private/linl/sync
Apr 29, 2026

Conversation

@liulinC
Collaborator

@liulinC liulinC commented Apr 28, 2026

No description provided.

edwintorok and others added 30 commits March 13, 2026 16:05
Also introduce a batching delay on all Event.{from,next} calls, except
Event.from calls for tasks. This should help batch up multiple events from
field updates.

There are no extra delays for tasks, because these typically aren't immediately ready,
and when they are we want to immediately find out about it.

This is part of the "feature flag" that turns on the feature
(previously you could've manually edited xapi.conf to make these changes.)

Signed-off-by: Edwin Török <edwin.torok@cloud.com>
This will enable short-circuiting internal API calls.

When the FD is missing mark the call as Internal.

Signed-off-by: Edwin Török <edwin.torok@cloud.com>
Signed-off-by: Edwin Török <edwin.torok@citrix.com>
Instead of xmlrpc

Signed-off-by: Edwin Török <edwin.torok@citrix.com>
…forward the API call directly like we do with the CLI for calls to the coordinator when we are the coordinator

Signed-off-by: Edwin Török <edwin.torok@citrix.com>
This has been benchmarked as part of an ocaml-rpc change.
The tail-modulo-cons (TMC) version is the fastest:
```
map/List.map (ns):
 { monotonic-clock per run = 1367.762962 (confidence: 1427.389585 to 1335.537246);
   r² = Some 0.885423 }
map/List.rev_map + List.rev (ns):
 { monotonic-clock per run = 758.812720 (confidence: 763.894690 to 753.944851);
   r² = Some 0.992898 }
map/TMC map (ns):
 { monotonic-clock per run = 584.662582 (confidence: 589.477056 to 579.975956);
   r² = Some 0.991475 }
```

Signed-off-by: Edwin Török <edwin.torok@citrix.com>
Avoid allocating a string for each char.
The next step will be to switch to upstream Xmlm for output too
(it is currently only used for input). 
That one has a more optimized escaping function, that can efficiently skip over chars
that don't need escaping.

Signed-off-by: Edwin Török <edwin.torok@cloud.com>
Signed-off-by: Edwin Török <edwin.torok@citrix.com>
Similar to the ones I've done in `ocaml-rpc`.

Ideally we'd drop the duplicate implementation from here, and use the
one from `ocaml-rpc` directly, but that is a bigger and riskier change
(in case we had some custom hacks in our XML format that some tool ended
up relying on).

The biggest improvement here is from not calling `String.make 1 c` on
each character anymore.
…t#6970)

Targeting a feature branch, where it can all be merged to master once
testing is complete.
- Update error codes
* Current error code handling requires POOL_AUTH_ENABLE_FAILED
error code prefix for enabling failed
* Replace AUTH_LDAPS_PING_FAILED with the general AUTH_SET_LDAPS_FAILED
and provide ldaps failed as error message
- Drop xapi configuration support
* /etc/samba/smb.extra.conf drop the xapi configure passthrough
- Log warning instead of sending warning message on ldap query failed
* It is the current behavior
* Sending a warning message causes circular dependencies:
Xapi_subject->Xapi_message->Xapi_http->Xapi_session->Xapi_subject
This is because xapi message itself requires subject auth

Signed-off-by: Lin Liu <lin.liu01@citrix.com>
- Update error codes
* Current error code handling requires POOL_AUTH_ENABLE_FAILED error code
prefix for enabling failed
* Replace AUTH_LDAPS_PING_FAILED with the general AUTH_SET_LDAPS_FAILED and
provide ldaps failed as error message
- Drop xapi configuration support
* /etc/samba/smb.extra.conf drop the xapi configure passthrough
- Log warning instead of sending warning message on ldap query failed
* It is the current behavior
* Sending a warning message causes circular dependencies:
Xapi_subject->Xapi_message->Xapi_http->Xapi_session->Xapi_subject. This
is because xapi message itself requires subject auth
Signed-off-by: Konstantina Chremmou <konstantina.chremmou@cloud.com>
…project#6974)

Also introduce a batching delay on all Event.{from,next} calls, except
Event.from calls for tasks. This should help batch up multiple events
from field updates.

There are no extra delays for tasks, because these typically aren't
immediately ready, and when they are we want to immediately find out
about it.

This is part of the "feature flag" that turns on the feature (previously
you could've manually edited xapi.conf to make these changes.)
A new live patch update may drop live patch support for a component
running with an old version. This means the old version is EOL in the sense
of live patching support.

Previously, the logic collected all live patches that shared the same
base build ID for the running component and treated them as cumulatively
applicable.

With this change, if the base build ID is marked EOL in the latest
relevant update (for the same live patching component), the component is
considered not live‑patchable.

Signed-off-by: Ming Lu <ming.lu@cloud.com>
Signed-off-by: Ming Lu <ming.lu@cloud.com>
…ault value.

Signed-off-by: Konstantina Chremmou <konstantina.chremmou@citrix.com>
- Made methods JsonRpc.Rpc() and JsonRpc.CreateSerializer() protected.
- Deprecated a number of instance Session methods in favour of the static counterparts.
- Removed property Session.Roles (which was a XenCenter-ism)
- Corrected the output of Session.get_record and the return type of Session.logout_subject_identifier
- Session.change_password(Session, string, string) is now static.
- Fields Session.Proxy, Session.Tag, Session.APIVersion were converted to properties.

Signed-off-by: Konstantina Chremmou <konstantina.chremmou@citrix.com>
Signed-off-by: Konstantina Chremmou <konstantina.chremmou@citrix.com>
Signed-off-by: Konstantina Chremmou <konstantina.chremmou@citrix.com>
… /vm_rrd are already exposed.

Signed-off-by: Konstantina Chremmou <konstantina.chremmou@citrix.com>
Signed-off-by: Konstantina Chremmou <konstantina.chremmou@citrix.com>
Signed-off-by: Konstantina Chremmou <konstantina.chremmou@citrix.com>
…rsion to 17 (LTS)

Signed-off-by: Konstantina Chremmou <konstantina.chremmou@cloud.com>
Signed-off-by: Konstantina Chremmou <konstantina.chremmou@citrix.com>
Signed-off-by: Konstantina Chremmou <konstantina.chremmou@citrix.com>
…mporting the module.

Signed-off-by: Konstantina Chremmou <konstantina.chremmou@citrix.com>
`exec_with_new_*` function create orphaned traces for subtasks with
parents not in the database.

This is meant to address this and link these spans to their correct
parent.

Signed-off-by: Gabriel Buica <danutgabriel.buica@citrix.com>
There is a minor change in the datamodel, the rest are SDK files. These
changes will need porting to `26.1-lcm` afterwards.
…ons (xapi-project#6989)

A new live patch update may drop live patch support for a component
running with an old version. This means the old version is EOL in the sense
of live patching support.

Previously, the logic collected all live patches that shared the same
base build ID for the running component and treated them as cumulatively
applicable.

With this change, if the base build ID is marked EOL in the latest
relevant update (for the same live patching component), the component is
considered not live‑patchable
psafont and others added 26 commits April 20, 2026 14:42
Also remove all indiscriminate opens against it

Signed-off-by: Pau Ruiz Safont <pau.ruizsafont@cloud.com>
Signed-off-by: Pau Ruiz Safont <pau.safont@vates.tech>
Signed-off-by: Pau Ruiz Safont <pau.ruizsafont@cloud.com>
Signed-off-by: Pau Ruiz Safont <pau.safont@vates.tech>
String.replaced is an alias of map_unlikely. This name makes the intent
of the function clearer. Because a function to replace the characters is
exposed, users are less likely to fall into the pitfall of using lists.

Lists are not only very slow, but also allow users to have more than one
replacement rule per character, possibly introducing mistakes.

If a plain match function cannot be produced and a list needs to be used,
users can convert it to a Char.Map and do the match with a find_opt.
This approach ends up being ~60-70% faster than using plain lists.

The benchmark comparing the new approach with the old one:

  String size 100:
    Optimized: 236.556 μs
    Reference: 1861.600 μs
    Improvement: 87.3% faster

  String size 500:
    Optimized: 1099.030 μs
    Reference: 9665.405 μs
    Improvement: 88.6% faster

  String size 1000:
    Optimized: 2198.777 μs
    Reference: 19115.019 μs
    Improvement: 88.5% faster

Signed-off-by: Pau Ruiz Safont <pau.safont@vates.tech>
Not only is it more efficient, but it's also more ergonomic

Signed-off-by: Pau Ruiz Safont <pau.ruizsafont@cloud.com>
Signed-off-by: Pau Ruiz Safont <pau.safont@vates.tech>
The former didn't have any tests and the performance is unknown

Signed-off-by: Pau Ruiz Safont <pau.ruizsafont@cloud.com>
Signed-off-by: Pau Ruiz Safont <pau.safont@vates.tech>
This also allows dropping String.isspace

Signed-off-by: Pau Ruiz Safont <pau.ruizsafont@cloud.com>
Signed-off-by: Pau Ruiz Safont <pau.safont@vates.tech>
I added some cases in preparation to change its implementation

Signed-off-by: Pau Ruiz Safont <pau.safont@vates.tech>
The few users that needed to replace strings have been replaced with Astring's
cuts, as most of them were already segmenting strings, or they are run in very
specific, infrequent codepaths for efficiency to not matter.

Others have been replaced by Astring's filter as they were removing characters,
and the rest have been converted to the new String.replace.

map_unlikely can be removed from the interface and only have String.replaced
and String.replace

Signed-off-by: Pau Ruiz Safont <pau.ruizsafont@cloud.com>
Signed-off-by: Pau Ruiz Safont <pau.safont@vates.tech>
…api-project#6795)

The Listext module has a lot of baggage that can be replaced with Stdlib
and Astring. What cannot be replaced can be made better, especially
the escaping.

There are quite a few changes, so it's better to review
commit-by-commit.

I need to do some testing to make sure all changes here are safe and
undraft this
Signed-off-by: Chunjie Zhu <chunjie.zhu@cloud.com>
Signed-off-by: Gabriel Buica <danutgabriel.buica@citrix.com>
In XSI-2198, user login failed because wbinfo failed to report
subject details. However, this information is available in the db

To fix the problem, we enhance as follows
- First try to find the details in xapi db
- If not found, try wbinfo
- Raise Error if neither got the details.
Note: the wbinfo is required during subject-add where the xapi db
does not have the details.

Signed-off-by: Lin Liu <lin.liu01@citrix.com>
Microsoft Secure Boot certificates from 2011 are reaching end-of-life,
and legacy VMs may still contain only the old certificate set.

We design an out-of-band mechanism to update per-VM UEFI Secure Boot
variables safely and at scale.
…#7017)

In XSI-2198, user login failed because wbinfo failed to report subject
details. However, this information is available in the db

To fix the problem, we enhance as follows
- First try to find the details in xapi db
- If not found, try wbinfo
- Raise Error if neither got the details. Note: the wbinfo is required
during subject-add where the xapi db does not have the details.
Signed-off-by: Lin Liu <lin.liu01@citrix.com>
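The lookup order described in the commit above (xapi db first, wbinfo second, error only when both miss, wbinfo mandatory during subject-add), as an added example that is not xen-api code. `Db`, `Wbinfo`, `subject_add`, the record fields and the SID directory are hypothetical stand-ins; the directory is constructed test data, not real AD output. It runs stand-alone with `ocaml`.

```ocaml
(* Added example, not xen-api code: resolve a subject by SID from a local
   record first and from a resolver standing in for wbinfo second, raising
   only when both fail. Every name below is a stand-in for the real xapi
   module of the same role. *)

type kind = User | Group

type details = {
  sid : string;
  name : string;
  kind : kind;
  (* None when winbind cannot map the SID to a uid/gid; a typed absence,
     not a sentinel such as -1 that callers could mistake for a real id *)
  posix_id : int option;
}

exception Subject_cannot_be_resolved of string

(* Stand-in for the subject table in the xapi database *)
module Db = struct
  let t : (string, details) Hashtbl.t = Hashtbl.create 16
  let find_opt sid = Hashtbl.find_opt t sid
  let add d = Hashtbl.replace t d.sid d
end

(* Stand-in for winbind; answers are constructed, not real directory data *)
module Wbinfo = struct
  let directory =
    [ ("S-1-5-21-1-2-3-1001", ("alice", User, Some 10001))
    ; ("S-1-5-21-1-2-3-513", ("Domain Users", Group, Some 10513))
    ; ("S-1-5-21-1-2-3-1002", ("bob", User, None)) ]

  let resolve sid =
    match List.assoc_opt sid directory with
    | Some (name, kind, posix_id) -> Ok { sid; name; kind; posix_id }
    | None -> Error (Printf.sprintf "wbinfo: cannot resolve %s" sid)
end

(* Lookup order: db, then wbinfo, else fail closed *)
let query_subject_information ?(db_first = true) sid =
  let from_wbinfo () =
    match Wbinfo.resolve sid with
    | Ok d -> d
    | Error msg -> raise (Subject_cannot_be_resolved msg)
  in
  match (if db_first then Db.find_opt sid else None) with
  | Some d -> d
  | None -> from_wbinfo ()

(* subject-add: the db has no record yet, so wbinfo is mandatory here *)
let subject_add sid =
  let d = query_subject_information ~db_first:false sid in
  Db.add d;
  d

let () =
  let a = subject_add "S-1-5-21-1-2-3-1001" in
  (* later lookups are served from the db even if winbind stops answering *)
  let a' = query_subject_information a.sid in
  assert (a' = a);
  (* an id winbind cannot map stays None instead of becoming a fake uid *)
  let b = subject_add "S-1-5-21-1-2-3-1002" in
  assert (b.posix_id = None);
  (* unknown everywhere: fail closed with an explicit error *)
  (match query_subject_information "S-1-5-21-9-9-9-1" with
   | exception Subject_cannot_be_resolved _ -> ()
   | _ -> assert false);
  print_endline "ok"
```

The `posix_id : int option` field is the design choice worth copying: a SID that resolves to a name but not to a uid/gid is a distinct state, and representing it as an option forces every consumer to decide what to do with it rather than silently carrying a placeholder integer.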
Builds on top of xapi-project#6991

The session reuse logic in `xapi_session.ml` does work in this use case;
sm calls are made with `pool=false`. So reimplement the logic so that we
use a single session for `sm_exec` per sr.

This is achieved by having a hashtable that maps SRs to a corresponding
session. The session is created the first time a particular SR needs it
and then get reused afterwards. The session gets recreated only if it
becomes invalid.

This should help the number of database calls during congestion times.

Passes BVT and BST.
Signed-off-by: Changlei Li <changlei.li@citrix.com>
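The per-SR session cache described in the `sm_exec` commit above (one session per SR, created on first use, reused afterwards, recreated only when it becomes invalid), as an added example that is not xen-api code. `Session_invalid`, `login_for`, `sm_exec`, `backend_call` and the login counter are hypothetical stand-ins for the xapi internals; the point of the counter is to make visible that logins stay far below the number of calls. It runs stand-alone with OCaml 5 (`Mutex` is in Stdlib); on 4.x link the `threads` library.

```ocaml
(* Added example, not xen-api code: a cache of one session per SR, guarded by
   a mutex because sm_exec is called from many threads, with recreate-on-invalid
   and a single retry. All names are stand-ins for the real xapi pieces. *)

exception Session_invalid of string

type sr = string
type session = { sr : sr; token : string; mutable valid : bool }

(* How many logins the cache performed; the cache exists to keep this low *)
let logins = ref 0

(* Stand-in for Session.login; the token format is invented *)
let login_for sr =
  incr logins;
  { sr; token = Printf.sprintf "OpaqueRef:%s-%d" sr !logins; valid = true }

let sessions : (sr, session) Hashtbl.t = Hashtbl.create 8
let m = Mutex.create ()

let with_lock f =
  Mutex.lock m;
  Fun.protect ~finally:(fun () -> Mutex.unlock m) f

(* Create the SR's session the first time it is needed, reuse it afterwards *)
let get_session sr =
  with_lock (fun () ->
      match Hashtbl.find_opt sessions sr with
      | Some s -> s
      | None ->
          let s = login_for sr in
          Hashtbl.replace sessions sr s;
          s)

(* Drop the cached entry only if it is still the session we failed with, so a
   session another thread already recreated is not thrown away *)
let invalidate sr s =
  with_lock (fun () ->
      match Hashtbl.find_opt sessions sr with
      | Some cur when cur == s -> Hashtbl.remove sessions sr
      | _ -> ())

(* Run [f] with the SR's session; if the backend rejects the session as
   invalid, recreate it once and retry. Other exceptions propagate untouched. *)
let sm_exec sr f =
  let s = get_session sr in
  try f s with Session_invalid _ ->
    invalidate sr s;
    f (get_session sr)

(* Stand-in backend call that rejects a session whose valid flag was cleared *)
let backend_call s = if not s.valid then raise (Session_invalid s.token) else s.token

let () =
  let t1 = sm_exec "sr-A" backend_call in
  let t2 = sm_exec "sr-A" backend_call in
  assert (t1 = t2 && !logins = 1);
  let _ = sm_exec "sr-B" backend_call in
  assert (!logins = 2);
  (* simulate the cached session being logged out behind our back *)
  (Hashtbl.find sessions "sr-A").valid <- false;
  let t3 = sm_exec "sr-A" backend_call in
  assert (t3 <> t1 && !logins = 3);
  print_endline "ok"
```

Two details matter in practice: the retry is bounded to one, so a backend that keeps answering "invalid" cannot turn into a login storm, and `invalidate` compares physically against the session it was handed, so two threads that fail on the same stale session trigger one re-login rather than two.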
A mistake in xapi-project#6795 that
breaks quicktest.
There is no use case for it anymore.

This is part of XSA-489 / CVE-2026-23559.

Signed-off-by: Rob Hoes <rob.hoes@citrix.com>
This code is either obsolete or should use a first-class field (TBD).

This is part of XSA-489 / CVE-2026-23560.

Signed-off-by: Rob Hoes <rob.hoes@citrix.com>
This code is either obsolete or should use a first-class field (TBD).

This is part of XSA-489 / CVE-2026-23560.
There is no use case for it anymore.

This is part of XSA-489 / CVE-2026-23559.
This code is either obsolete or should use a first-class field (TBD).

This is part of XSA-489 / CVE-2026-23561.

Signed-off-by: Rob Hoes <rob.hoes@citrix.com>
…oject#7033)

This code is either obsolete or should use a first-class field (TBD).

This is part of XSA-489 / CVE-2026-23561.
@liulinC
Collaborator Author

liulinC commented Apr 28, 2026

git show 15ec9dc3e43cab16fbef89c6c90d8b2b1a3ddaca                                                       
commit 15ec9dc3e43cab16fbef89c6c90d8b2b1a3ddaca (HEAD -> private/linl/sync, mgh/private/linl/sync)
Merge: 8f846bbaa 9a34ddc84
Author: Lin Liu <lin.liu01@citrix.com>
Date:   Tue Apr 28 05:58:43 2026 +0000

    Merge branch 'master' into private/linl/sync
                                                                                                         
diff --cc ocaml/xapi/extauth_plugin_ADwinbind.ml
index 2fbf20ff1,ad3dae694..f328b9716
--- a/ocaml/xapi/extauth_plugin_ADwinbind.ml
+++ b/ocaml/xapi/extauth_plugin_ADwinbind.ml
@@@ -20,9 -20,7 +20,8 @@@ module D = Debug.Make (struc
  end)
   
  open D
- open Xapi_stdext_std.Xstringext
  open Auth_signature
 +module Listext = Xapi_stdext_std.Listext
  module Scheduler = Xapi_stdext_threads_scheduler.Scheduler
   
  let finally = Xapi_stdext_pervasives.Pervasiveext.finally
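Review bot: with `open Xapi_stdext_std.Xstringext` removed and only a qualified `module Listext = Xapi_stdext_std.Listext` added in its place, any `String.*` extension this file's feature-branch-only LDAPS code relied on from that open now has to come from Stdlib or Astring; since this is a three-way merge resolution (`diff --cc`) rather than a reviewed change, it is worth confirming the merged file builds and that no `String.replace`/`String.split` style call silently resolved to a different implementation.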
@@@ -1617,18 -1493,19 +1650,20 @@@ module AuthADWinbind : Auth_signature.A
        it's a string*string list anyway for possible future expansion.
        Raises Not_found (*Subject_cannot_be_resolved*) if subject_id cannot be resolved by external auth service
    *)
+   (* Fallback uid/gid when the winbind daemon fails to resolve the SID *)
+   let invalid_id = -1
+ 
    let query_subject_information ~__context (sid : string) =
 -    let@ __context = Context.with_tracing ~__context __FUNCTION__ in
 +    Context.with_tracing ~__context __FUNCTION__ @@ fun __context ->
 +    cond_sync_ext_auth @@ fun () ->
      let res =
-       let* name = Wbinfo.name_of_sid sid in
-       match name with
-       | User _ ->
-           let* uid = Wbinfo.uid_of_sid sid in
+       match Subject.of_sid ~__context sid with
+       | Subject.User _ ->
+           let uid = Wbinfo.uid_of_sid sid |> Result.value ~default:invalid_id in
 -          query_subject_information_user uid sid
 +          query_subject_information_user ~__context uid sid
-       | Other name ->
+       | Subject.Group name ->
            (* if the name doesn't correspond to a user then it ought to be a group *)
-           let* gid = Wbinfo.gid_of_sid sid in
+           let gid = Wbinfo.gid_of_sid sid |> Result.value ~default:invalid_id in
            Ok (query_subject_information_group name gid sid)
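Review bot: `Wbinfo.uid_of_sid sid |> Result.value ~default:invalid_id` (and the matching `gid_of_sid` line) turns a failed SID-to-id mapping into a silent -1, whereas the removed `let* uid = Wbinfo.uid_of_sid sid in` propagated the Error to the caller. Since the context comment says the result is a string*string list, this -1 will be stringified and handed to consumers as if it were a real uid/gid; at minimum log the Error at warn level before substituting the fallback (the feature-branch commit message already moves LDAP query failures to a logged warning), and document on `invalid_id` that consumers must check for it rather than treat it as a valid POSIX id.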

@liulinC liulinC merged commit e7f51b6 into xapi-project:feature/ldaps Apr 29, 2026
16 checks passed
