XAPI throttling proof of concept

.git-blame-ignore-revs

@@ -33,6 +33,7 @@ b12cf444edea15da6274975e1b2ca6a7fce2a090
 364c27f5d18ab9dd31825e67a93efabecad06823
 d8b4de9076531dd13bdffa20cc10c72290a52356
 bdf06bca7534fbc0c4fc3cee3408a51a22615226
+eefc649e17086fbc200e4da114ea673825e79864
 
 # ocp-indent
 d018d26d6acd4707a23288b327b49e44f732725e

doc/content/toolstack/features/Tracing/index.md

@@ -81,14 +81,17 @@ and also assist newcomers in onboarding to the project.
 
 By default, traces are generated locally in the `/var/log/dt` directory. You can copy or forward
 these traces to another location or endpoint using the `xs-trace` tool. For example, if you have
-a *Jaeger* server running locally, you can run:
+a *Jaeger* server running locally, you can copy a trace to an endpoint by running:
 
 ```sh
-xs-trace /var/log/dt/ http://127.0.0.1:9411/api/v2/spans
+xs-trace cp /var/log/dt/ http://127.0.0.1:9411/api/v2/spans
 ```
 
 You will then be able to visualize the traces in Jaeger.
 
+The `xs-trace` tool also supports trace files in `.ndjson` and compressed `.zst` formats, so
+you can copy or forward these files directly as well.
+
 ### Tagging Trace Sessions for Easier Search
 
 #### Specific attributes

dune-project

@@ -52,6 +52,13 @@
  (name tgroup)
  (depends xapi-log xapi-stdext-unix))
 
+(package
+ (name rate-limit)
+ (synopsis "Simple token bucket-based rate-limiting")
+ (depends
+   (ocaml (>= 4.12))
+   xapi-log xapi-stdext-unix))
+
 (package
  (name xml-light2))
 
@@ -586,14 +593,25 @@
   (depends
     qcow-stream
     cmdliner
+    yojson
   )
 )
 
 (package
  (name varstored-guard))
 
 (package
- (name uuid))
+ (name uuid)
+ (synopsis "Library used by xapi to generate database UUIDs")
+ (description
+  "This library allows xapi to use UUIDs with phantom types to avoid mixing UUIDs from different classes of objects. It's based on `uuidm`.")
+ (depends
+   (alcotest :with-test)
+   (fmt :with-test)
+   ptime
+   uuidm
+ )
+)
 
 (package
  (name stunnel)

ocaml/idl/datamodel.ml

@@ -10535,6 +10535,7 @@ let all_system =
   ; Datamodel_vm_group.t
   ; Datamodel_host_driver.t
   ; Datamodel_driver_variant.t
+  ; Datamodel_rate_limit.t
   ]
 
 (* If the relation is one-to-many, the "many" nodes (one edge each) must come before the "one" node (many edges) *)
@@ -10786,6 +10787,7 @@ let expose_get_all_messages_for =
   ; _observer
   ; _host_driver
   ; _driver_variant
+  ; _rate_limit
   ]
 
 let no_task_id_for = [_task; (* _alert; *) _event]
@@ -11142,6 +11144,10 @@ let http_actions =
   ; ("put_bundle", (Put, Constants.put_bundle_uri, true, [], _R_POOL_OP, []))
   ]
 
+(* Actions that incorporate the rate limiter from Xapi_rate_limiting within their handler
+   For now, just RPC calls *)
+let custom_rate_limit_http_actions = ["post_root"; "post_RPC2"; "post_jsonrpc"]
+
 (* these public http actions will NOT be checked by RBAC *)
 (* they are meant to be used in exceptional cases where RBAC is already *)
 (* checked inside them, such as in the XMLRPC (API) calls *)

ocaml/idl/datamodel_common.ml

@@ -315,6 +315,8 @@ let _host_driver = "Host_driver"
 
 let _driver_variant = "Driver_variant"
 
+let _rate_limit = "Rate_limit"
+
 let update_guidances =
   Enum
     ( "update_guidances"

ocaml/idl/datamodel_host.ml

@@ -1209,6 +1209,41 @@ let license_remove =
        to the unlicensed edition"
     ~allowed_roles:_R_POOL_OP ()
 
+let host_numa_affinity_policy =
+  Enum
+    ( "host_numa_affinity_policy"
+    , [
+        ("any", "VMs are spread across all available NUMA nodes")
+      ; ( "best_effort"
+        , "VMs are placed on the smallest number of NUMA nodes that they fit \
+           using soft-pinning, but the policy doesn't guarantee a balanced \
+           placement, falling back to the 'any' policy."
+        )
+      ; ( "default_policy"
+        , "Use the NUMA affinity policy that is the default for the current \
+           version"
+        )
+      ]
+    )
+
+let latest_synced_updates_applied_state =
+  Enum
+    ( "latest_synced_updates_applied_state"
+    , [
+        ( "yes"
+        , "The host is up to date with the latest updates synced from remote \
+           CDN"
+        )
+      ; ( "no"
+        , "The host is outdated with the latest updates synced from remote CDN"
+        )
+      ; ( "unknown"
+        , "If the host is up to date with the latest updates synced from \
+           remote CDN is unknown"
+        )
+      ]
+    )
+
 let create_params =
   [
     {
@@ -1398,6 +1433,51 @@ let create_params =
     ; param_release= numbered_release "25.32.0-next"
     ; param_default= Some (VMap [])
     }
+  ; {
+      param_type= Bool
+    ; param_name= "https_only"
+    ; param_doc=
+        "updates firewall to open or close port 80 depending on the value"
+    ; param_release= numbered_release "25.38.0-next"
+    ; param_default= Some (VBool false)
+    }
+  ; {
+      param_type= host_numa_affinity_policy
+    ; param_name= "numa_affinity_policy"
+    ; param_doc= "NUMA-aware VM memory and vCPU placement policy"
+    ; param_release= numbered_release "25.39.0-next"
+    ; param_default= Some (VEnum "default_policy")
+    }
+  ; {
+      param_type= latest_synced_updates_applied_state
+    ; param_name= "latest_synced_updates_applied"
+    ; param_doc=
+        "Default as 'unknown', 'yes' if the host is up to date with updates \
+         synced from remote CDN, otherwise 'no'"
+    ; param_release= numbered_release "25.39.0-next"
+    ; param_default= Some (VSet [])
+    }
+  ; {
+      param_type= Set update_guidances
+    ; param_name= "pending_guidances_full"
+    ; param_doc=
+        "The set of pending full guidances after applying updates, which a \
+         user should follow to make some updates, e.g. specific hardware \
+         drivers or CPU features, fully effective, but the 'average user' \
+         doesn't need to"
+    ; param_release= numbered_release "25.39.0-next"
+    ; param_default= Some (VSet [])
+    }
+  ; {
+      param_type= Set update_guidances
+    ; param_name= "pending_guidances_recommended"
+    ; param_doc=
+        "The set of pending recommended guidances after applying updates, \
+         which most users should follow to make the updates effective, but if \
+         not followed, will not cause a failure"
+    ; param_release= numbered_release "25.39.0-next"
+    ; param_default= Some (VSet [])
+    }
   ]
 
 let create =
@@ -1416,6 +1496,7 @@ let create =
            --console_idle_timeout --ssh_auto_mode options to allow them to be \
            configured for new host"
         )
+      ; (Changed, "25.38.0-next", "Added --https_only to disable http")
       ]
     ~versioned_params:create_params ~doc:"Create a new host record"
     ~result:(Ref _host, "Reference to the newly created host object.")
@@ -2302,23 +2383,6 @@ let cleanup_pool_secret =
       ]
     ~allowed_roles:_R_LOCAL_ROOT_ONLY ~hide_from_docs:true ()
 
-let host_numa_affinity_policy =
-  Enum
-    ( "host_numa_affinity_policy"
-    , [
-        ("any", "VMs are spread across all available NUMA nodes")
-      ; ( "best_effort"
-        , "VMs are placed on the smallest number of NUMA nodes that they fit \
-           using soft-pinning, but the policy doesn't guarantee a balanced \
-           placement, falling back to the 'any' policy."
-        )
-      ; ( "default_policy"
-        , "Use the NUMA affinity policy that is the default for the current \
-           version"
-        )
-      ]
-    )
-
 let set_numa_affinity_policy =
   call ~name:"set_numa_affinity_policy" ~lifecycle:[]
     ~doc:"Set VM placement NUMA affinity policy"
@@ -2526,24 +2590,6 @@ let update_firewalld_service_status =
        status."
     ~allowed_roles:_R_POOL_OP ()
 
-let latest_synced_updates_applied_state =
-  Enum
-    ( "latest_synced_updates_applied_state"
-    , [
-        ( "yes"
-        , "The host is up to date with the latest updates synced from remote \
-           CDN"
-        )
-      ; ( "no"
-        , "The host is outdated with the latest updates synced from remote CDN"
-        )
-      ; ( "unknown"
-        , "If the host is up to date with the latest updates synced from \
-           remote CDN is unknown"
-        )
-      ]
-    )
-
 let get_tracked_user_agents =
   call ~name:"get_tracked_user_agents" ~lifecycle:[]
     ~doc:

ocaml/idl/datamodel_lifecycle.ml

@@ -1,4 +1,6 @@
 let prototyped_of_class = function
+  | "Rate_limit" ->
+      Some "25.39.0"
   | "Driver_variant" ->
       Some "25.2.0"
   | "Host_driver" ->
@@ -13,6 +15,14 @@ let prototyped_of_class = function
       None
 
 let prototyped_of_field = function
+  | "Rate_limit", "fill_rate" ->
+      Some "25.39.0"
+  | "Rate_limit", "burst_size" ->
+      Some "25.39.0"
+  | "Rate_limit", "client_id" ->
+      Some "25.39.0"
+  | "Rate_limit", "uuid" ->
+      Some "25.39.0"
   | "Driver_variant", "status" ->
       Some "25.2.0"
   | "Driver_variant", "priority" ->

ocaml/idl/datamodel_rate_limit.ml

@@ -0,0 +1,40 @@
+(*
+ * Copyright (C) 2023 Cloud Software Group
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published
+ * by the Free Software Foundation; version 2.1 only. with the special
+ * exception on linking described in file LICENSE.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *)
+
+open Datamodel_types
+open Datamodel_common
+open Datamodel_roles
+
+let lifecycle = []
+
+let t =
+  create_obj ~name:_rate_limit ~descr:"Rate limiting policy for a XAPI client"
+    ~doccomments:[] ~gen_constructor_destructor:true ~gen_events:true
+    ~in_db:true ~lifecycle:[] ~persist:PersistEverything ~in_oss_since:None
+    ~messages_default_allowed_roles:_R_POOL_ADMIN
+    ~contents:
+      ([uid _rate_limit ~lifecycle]
+      @ [
+          field ~qualifier:StaticRO ~ty:String ~lifecycle "client_id"
+            "An identifier for the rate limited client" ~ignore_foreign_key:true
+            ~default_value:(Some (VString ""))
+        ; field ~qualifier:StaticRO ~ty:Float ~lifecycle "burst_size"
+            "Amount of tokens that can be consumed in one burst"
+            ~ignore_foreign_key:true ~default_value:(Some (VFloat 0.))
+        ; field ~qualifier:StaticRO ~ty:Float ~lifecycle "fill_rate"
+            "Tokens added to token bucket per second" ~ignore_foreign_key:true
+            ~default_value:(Some (VFloat 0.))
+        ]
+      )
+    ~messages:[] ()

ocaml/idl/dune

@@ -7,7 +7,7 @@
     datamodel_values datamodel_schema datamodel_certificate
     datamodel_diagnostics datamodel_repository datamodel_lifecycle
     datamodel_vtpm datamodel_observer datamodel_vm_group api_version
-    datamodel_host_driver datamodel_driver_variant)
+    datamodel_host_driver datamodel_driver_variant datamodel_rate_limit)
   (libraries
     rpclib.core
     sexplib0
@@ -64,9 +64,9 @@
 )
 
 (tests
-  (names schematest test_datetimes)
+  (names schematest test_datetimes test_host)
   (modes exe)
-  (modules schematest test_datetimes)
+  (modules schematest test_datetimes test_host)
   (libraries
     astring
     rpclib.core

ocaml/idl/schematest.ml

@@ -3,7 +3,7 @@ let hash x = Digest.string x |> Digest.to_hex
 (* BEWARE: if this changes, check that schema has been bumped accordingly in
    ocaml/idl/datamodel_common.ml, usually schema_minor_vsn *)
 
-let last_known_schema_hash = "3b20f4304cfaaa7b6213af91ae632e64"
+let last_known_schema_hash = "4708cb1f0cf7c1231c6958590ee1ed04"
 
 let current_schema_hash : string =
   let open Datamodel_types in

ocaml/idl/test_host.ml

@@ -0,0 +1,31 @@
+module DT = Datamodel_types
+module FieldSet = Astring.String.Set
+
+let recent_field (f : DT.field) = f.lifecycle.transitions = []
+
+let rec field_full_names = function
+  | DT.Field f ->
+      if recent_field f then
+        f.full_name |> String.concat "_" |> Seq.return
+      else
+        Seq.empty
+  | DT.Namespace (_, xs) ->
+      xs |> List.to_seq |> Seq.concat_map field_full_names
+
+let () =
+  let create_params =
+    Datamodel_host.create_params
+    |> List.map (fun p -> p.DT.param_name)
+    |> FieldSet.of_list
+  and fields =
+    Datamodel_host.t.contents
+    |> List.to_seq
+    |> Seq.concat_map field_full_names
+    |> FieldSet.of_seq
+  in
+  let missing_in_create_params = FieldSet.diff fields create_params in
+  if not (FieldSet.is_empty missing_in_create_params) then (
+    Format.eprintf "Missing fields in create_params: %a@." FieldSet.dump
+      missing_in_create_params ;
+    exit 1
+  )