WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-api

[Xen-API] [PATCH] CA-36013: Various fixes to the session cache handling.

To: xen-api@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-API] [PATCH] CA-36013: Various fixes to the session cache handling.
From: Thomas Gazagnaire <thomas.gazagnaire@xxxxxxxxxx>
Date: Mon, 18 Jan 2010 15:31:18 +0000
Delivery-date: Mon, 18 Jan 2010 07:31:15 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-api-request@lists.xensource.com?subject=help>
List-id: Discussion of API issues surrounding Xen <xen-api.lists.xensource.com>
List-post: <mailto:xen-api@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-api>, <mailto:xen-api-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-api-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Thomas Gazagnaire <thomas.gazagnaire@xxxxxxxxxx>
CA-36013: Various fixes to the session cache handling.

* invalidate the local session cache when an INVALID_SESSION has been caught 
and retry the current function at most 5 times;
* also add a maximum life-length for the cached session (of 1h).

Signed-off-by: Thomas Gazagnaire <thomas.gazagnaire@xxxxxxxxxx>

diff -r fedd6ba286b7 ocaml/xapi/helpers.ml
--- a/ocaml/xapi/helpers.ml     Fri Jan 15 18:07:00 2010 +0000
+++ b/ocaml/xapi/helpers.ml     Mon Jan 18 15:29:20 2010 +0000
@@ -99,6 +99,33 @@
     ~port:!Xapi_globs.https_port ~path:"/" xml 
     (* No auth needed over unix domain socket *)
 
+(* Cache an internal session with its timestamp of creation *)
+let internal_session : ([`session] Ref.t * float) option ref = ref None
+
+ (* Cached internal session are refreshed every hour for security reasons *)
+let internal_session_timeout = 60. *. 60.
+
+let internal_session_mutex = Mutex.create ()
+
+(* Reset the internal session cache *)
+let reset_internal_session_cache () =
+       debug "Reseting the internal session cache";
+       Mutex.execute internal_session_mutex (fun () -> internal_session := 
None)
+
+let rec get_internal_session login_fn =
+       Mutex.execute internal_session_mutex (fun () ->
+               match !internal_session with
+               | None ->
+                       let session = login_fn () in
+                       internal_session := Some (session, Unix.time ());
+                       session
+               | Some (session, timestamp) ->
+                       if Unix.time() -. timestamp > internal_session_timeout 
then begin
+                               reset_internal_session_cache ();
+                               get_internal_session login_fn;
+                       end else
+                               session)
+
 let do_internal_login ~__context =
        let login =
                if Pool_role.is_master () then
@@ -117,14 +144,19 @@
                                 let session_id = 
Client.Client.Session.slave_login rpc (get_localhost ~__context) 
!Xapi_globs.pool_secret in
                                 debug "slave login done";
                                 session_id) in
-       Xapi_globs.get_internal_session login
+       get_internal_session login
 
-let with_cached_session ~__context fn =
+let rec with_cached_session ~__context ?(iter=1) fn =
        try fn (do_internal_login ~__context)
-       with Api_errors.Server_error (error,_) as e when error = 
Api_errors.session_authentication_failed ->
-               Xapi_globs.reset_internal_session_cache ();
-               debug "remote client call finished with exception %s; cleaning 
the session cache" (Printexc.to_string e);
-               raise e
+       with Api_errors.Server_error (error,_) as e when error = 
Api_errors.session_invalid  ->
+               if iter <= 5 then begin
+                       let delay = 0.5 *. exp (float_of_int iter)  in
+                       debug "The master does not recognize the cached session 
anymore; cleaning-up the cache and waiting for %fs before retrying (attempt 
%d/5)." delay iter;
+                       reset_internal_session_cache ();
+                       Thread.delay delay;
+                       with_cached_session ~__context ~iter:(iter+1) fn
+               end else
+                       raise e
 
 (** Log into pool master using the client code, call a function
     passing it the rpc function and session id, logout when finished. *)
diff -r fedd6ba286b7 ocaml/xapi/xapi_globs.ml
--- a/ocaml/xapi/xapi_globs.ml  Fri Jan 15 18:07:00 2010 +0000
+++ b/ocaml/xapi/xapi_globs.ml  Mon Jan 18 15:29:20 2010 +0000
@@ -23,20 +23,6 @@
 
 let pool_secret_path = "/etc/xensource/ptoken"
 let pool_secret = ref ""
-let internal_session : [`session] Ref.t option ref = ref None
-
-let internal_session_mutex = Mutex.create ()
-let get_internal_session login_fn =
-       Mutex.execute internal_session_mutex (fun () ->
-               match !internal_session with
-               | None ->
-                         let session = login_fn () in
-                         internal_session := Some session;
-                         session
-               | Some session -> session)
-let reset_internal_session_cache () =
-       Mutex.execute internal_session_mutex (fun () -> internal_session := 
None)
-
 let localhost_ref : [`host] Ref.t ref = ref Ref.null
 
 (* xapi version *)

Attachment: api-fix-xapi-restart-on-master
Description: Text document

_______________________________________________
xen-api mailing list
xen-api@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/mailman/listinfo/xen-api
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-API] [PATCH] CA-36013: Various fixes to the session cache handling., Thomas Gazagnaire <=