|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-API] assert_can_migrate regression
Hi, I found an other regression: only pool admins are now allowed to migrate VMs. This is because the new migrate codepath is now using the /services/xenops url (to communicate between xenops deamons) which can be used by pool admins only, whereas migration was previously using the /migrate url, which can be used by all VM admins. So I can think of two possibles fixes for that regression: * either allow services/xenops to VM admins (this can lead to some security issues if not done correctly) * or use the old /migrate url for VM migrations (this can be quite intrusive I guess, as we need to check that every xenops client done by xenops use this codepath) What do you advice ? -- Thomas On Jun 27, 2012, at 6:06 PM, Dave Scott wrote: > Hi Thomas, > > That sounds like an oversight. I think it would be good to add it back in > migrate_send. > > Cheers, > Dave >> -----Original Message----- >> From: xen-api-bounces@xxxxxxxxxxxxx [mailto:xen-api- >> bounces@xxxxxxxxxxxxx] On Behalf Of Thomas Gazagnaire >> Sent: 27 June 2012 16:54 >> To: xen-api@xxxxxxxxxxxxx >> Subject: [Xen-API] assert_can_migrate regression >> >> Hi all, >> >> It seems that xapi/Xapi_vm_migrate.assert_can_migrate is not called >> anymore before the migration process. >> >> I guess we should add it again somewhere in the body of migrate_send >> for instance. Does it make sense or did I miss something obvious here ? >> >> -- >> Thomas >> >> >> >> _______________________________________________ >> Xen-api mailing list >> Xen-api@xxxxxxxxxxxxx >> http://lists.xen.org/cgi-bin/mailman/listinfo/xen-api _______________________________________________ Xen-api mailing list Xen-api@xxxxxxxxxxxxx http://lists.xen.org/cgi-bin/mailman/listinfo/xen-api
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |