xapi-project · minglumlu · Oct 24, 2024 · Oct 2, 2024 · Sep 27, 2024 · Oct 2, 2024
diff --git a/ocaml/database/database_server_main.ml b/ocaml/database/database_server_main.ml
@@ -80,9 +80,9 @@ let _ =
         let socket = Http_svr.bind sockaddr "unix_rpc" in
         let server = Http_svr.Server.empty () in
         Http_svr.Server.add_handler server Http.Post "/post_remote_db_access"
-          (Http_svr.BufIO remote_database_access_handler_v1) ;
+          remote_database_access_handler_v1 ;
         Http_svr.Server.add_handler server Http.Post "/post_remote_db_access_v2"
-          (Http_svr.BufIO remote_database_access_handler_v2) ;
+          remote_database_access_handler_v2 ;
         Http_svr.start ~conn_limit:1024 server socket ;
         Printf.printf "server listening\n%!" ;
         if !self_test then (

diff --git a/ocaml/database/db_remote_cache_access_v1.ml b/ocaml/database/db_remote_cache_access_v1.ml
@@ -126,11 +126,10 @@ module DBCacheRemoteListener = struct
         raise e
 end
 
-let handler req bio _ =
-  let fd = Buf_io.fd_of bio in
+let handler req fd _ =
   (* fd only used for writing *)
   let body =
-    Http_svr.read_body ~limit:Db_globs.http_limit_max_rpc_size req bio
+    Http_svr.read_body ~limit:Db_globs.http_limit_max_rpc_size req fd
   in
   let body_xml = Xml.parse_string body in
   let reply_xml = DBCacheRemoteListener.process_xmlrpc body_xml in

diff --git a/ocaml/database/db_remote_cache_access_v1.mli b/ocaml/database/db_remote_cache_access_v1.mli
@@ -1,2 +1,2 @@
-val handler : Http.Request.t -> Buf_io.t -> 'a -> unit
+val handler : Http.Request.t -> Unix.file_descr -> 'a -> unit
 (** HTTP handler for v1 of the remote DB access protocol *)
diff --git a/ocaml/database/db_remote_cache_access_v2.ml b/ocaml/database/db_remote_cache_access_v2.ml
@@ -67,11 +67,10 @@ let process_rpc (req : Rpc.t) =
         Response.Too_many_values (x, y, z)
     )
 
-let handler req bio _ =
-  let fd = Buf_io.fd_of bio in
+let handler req fd _ =
   (* fd only used for writing *)
   let body =
-    Http_svr.read_body ~limit:Db_globs.http_limit_max_rpc_size req bio
+    Http_svr.read_body ~limit:Db_globs.http_limit_max_rpc_size req fd
   in
   let request_rpc = Jsonrpc.of_string body in
   let reply_rpc = process_rpc request_rpc in

diff --git a/ocaml/database/db_remote_cache_access_v2.mli b/ocaml/database/db_remote_cache_access_v2.mli
@@ -1,2 +1,2 @@
-val handler : Http.Request.t -> Buf_io.t -> 'a -> unit
+val handler : Http.Request.t -> Unix.file_descr -> 'a -> unit
 (** HTTP handler for v2 of the remote DB access protocol *)
diff --git a/ocaml/doc/wire-protocol.md b/ocaml/doc/wire-protocol.md
@@ -469,12 +469,21 @@ $ python3
 
 ### Using the XML-RPC Protocol
 
-Import the library `xmlrpclib` and create a
+Import the library `xmlrpc.client` and create a
 python object referencing the remote server as shown below:
 
 ```python
->>> import xmlrpclib
->>> xen = xmlrpclib.Server("https://localhost:443")
+>>> import xmlrpc.client
+>>> xen = xmlrpc.client.ServerProxy("https://localhost:443")
+```
+
+Note that you may need to disable SSL certificate validation to establish the
+connection, this can be done as follows:
+
+```python
+>>> import ssl
+>>> ctx = ssl._create_unverified_context()
+>>> xen = xmlrpc.client.ServerProxy("https://localhost:443", context=ctx)
 ```
 
 Acquire a session reference by logging in with a username and password; the
@@ -547,35 +556,46 @@ To retrieve all the VM records in a single call:
 
 ```python
 >>> records = xen.VM.get_all_records(session)['Value']
->>> records.keys()
+>>> list(records.keys())
 ['OpaqueRef:1', 'OpaqueRef:2', 'OpaqueRef:3', 'OpaqueRef:4' ]
 >>> records['OpaqueRef:1']['name_label']
 'Red Hat Enterprise Linux 7'
 ```
 
 ### Using the JSON-RPC Protocol
 
-For this example we are making use of the package `python-jsonrpc` due to its
-simplicity, although other packages can also be used.
+For this example we are making use of the package `jsonrpcclient` and the
+`requests` library due to their simplicity, although other packages can also be
+used.
 
-First, import the library `pyjsonrpc` and create the object referencing the
-remote server as follows:
+First, import the `requests` and `jsonrpcclient` libraries:
 
 ```python
->>> import pyjsonrpc
->>> client = pyjsonrpc.HttpClient(url = "https://localhost/jsonrpc:443")
+>>> import requests
+>>> import jsonrpcclient
 ```
 
-Acquire a session reference by logging in with a username and password; the
-library `pyjsonrpc` returns the response's `result` member, which is the session
-reference:
+Now we construct a utility method to make using these libraries easier:
+
+```python
+>>> def jsonrpccall(method, params):
+...     r = requests.post("https://localhost:443/jsonrpc",
+...                       json=jsonrpcclient.request(method, params=params),
+...                       verify=False)
+...     p = jsonrpcclient.parse(r.json())
+...     if isinstance(p, jsonrpcclient.Ok):
+...         return p.result
+...     raise Exception(p.message, p.data)
+```
+
+Acquire a session reference by logging in with a username and password:
 
 ```python
->>> session = client.call("session.login_with_password",
-...                       "user", "passwd", "version", "originator")
+>>> session = jsonrpccall("session.login_with_password",
+...                       ("user", "password", "version", "originator"))
 ```
 
-`pyjsonrpc` uses the JSON-RPC protocol v2.0, so this is what the serialized
+`jsonrpcclient` uses the JSON-RPC protocol v2.0, so this is what the serialized
 request looks like:
 
 ```json
@@ -591,7 +611,7 @@ Next, the user may acquire a list of all the VMs known to the system (note the
 call takes the session reference as the only parameter):
 
 ```python
->>> all_vms = client.call("VM.get_all", session)
+>>> all_vms = jsonrpccall("VM.get_all", (session,))
 >>> all_vms
 ['OpaqueRef:1', 'OpaqueRef:2', 'OpaqueRef:3', 'OpaqueRef:4' ]
 ```
@@ -603,22 +623,19 @@ find the subset of template VMs using a command like the following:
 
 ```python
 >>> all_templates = filter(
-...     lambda x: client.call("VM.get_is_a_template", session, x),
-        all_vms)
+...     lambda x: jsonrpccall("VM.get_is_a_template", (session, x)),
+...     all_vms)
 ```
 
 Once a reference to a VM has been acquired, a lifecycle operation may be invoked:
 
 ```python
->>> from pyjsonrpc import JsonRpcError
 >>> try:
-...     client.call("VM.start", session, all_templates[0], False, False)
-... except JsonRpcError as e:
-...     e.message
-...     e.data
+...     jsonrpccall("VM.start", (session, next(all_templates), False, False))
+... except Exception as e:
+...     e
 ...
-'VM_IS_TEMPLATE'
-[ 'OpaqueRef:1', 'start' ]
+Exception('VM_IS_TEMPLATE', ['OpaqueRef:1', 'start'])
 ```
 
 In this case the `start` message has been rejected because the VM is
@@ -629,7 +646,7 @@ Rather than querying fields individually, whole _records_ may be returned at onc
 To retrieve the record of a single object as a python dictionary:
 
 ```python
->>> record = client.call("VM.get_record", session, all_templates[0])
+>>> record = jsonrpccall("VM.get_record", (session, next(all_templates)))
 >>> record['power_state']
 'Halted'
 >>> record['name_label']
@@ -639,7 +656,7 @@ To retrieve the record of a single object as a python dictionary:
 To retrieve all the VM records in a single call:
 
 ```python
->>> records = client.call("VM.get_all_records", session)
+>>> records = jsonrpccall("VM.get_all_records", (session,))
 >>> records.keys()
 ['OpaqueRef:1', 'OpaqueRef:2', 'OpaqueRef:3', 'OpaqueRef:4' ]
 >>> records['OpaqueRef:1']['name_label']

diff --git a/ocaml/idl/datamodel_common.ml b/ocaml/idl/datamodel_common.ml
@@ -10,7 +10,7 @@ open Datamodel_roles
               to leave a gap for potential hotfixes needing to increment the schema version.*)
 let schema_major_vsn = 5
 
-let schema_minor_vsn = 782
+let schema_minor_vsn = 783
 
 (* Historical schema versions just in case this is useful later *)
 let rio_schema_major_vsn = 5

diff --git a/ocaml/idl/datamodel_host.ml b/ocaml/idl/datamodel_host.ml
@@ -1479,12 +1479,40 @@ let install_ca_certificate =
 let uninstall_ca_certificate =
   call ~pool_internal:true ~hide_from_docs:true ~name:"uninstall_ca_certificate"
     ~doc:"Remove a TLS CA certificate from this host."
-    ~params:
+    ~versioned_params:
       [
-        (Ref _host, "host", "The host"); (String, "name", "The certificate name")
+        {
+          param_type= Ref _host
+        ; param_name= "host"
+        ; param_doc= "The host"
+        ; param_release= numbered_release "1.290.0"
+        ; param_default= None
+        }
+      ; {
+          param_type= String
+        ; param_name= "name"
+        ; param_doc= "The certificate name"
+        ; param_release= numbered_release "1.290.0"
+        ; param_default= None
+        }
+      ; {
+          param_type= Bool
+        ; param_name= "force"
+        ; param_doc= "Remove the DB entry even if the file is non-existent"
+        ; param_release= numbered_release "24.35.0"
+        ; param_default= Some (VBool false)
+        }
       ]
     ~allowed_roles:_R_LOCAL_ROOT_ONLY
-    ~lifecycle:[(Published, "1.290.0", "Uninstall TLS CA certificate")]
+    ~lifecycle:
+      [
+        (Published, "1.290.0", "Uninstall TLS CA certificate")
+      ; ( Changed
+        , "24.35.0"
+        , "Added --force option to allow DB entries to be removed for \
+           non-existent files"
+        )
+      ]
     ()
 
 let certificate_list =

diff --git a/ocaml/idl/datamodel_lifecycle.ml b/ocaml/idl/datamodel_lifecycle.ml
@@ -96,11 +96,11 @@ let prototyped_of_field = function
   | "pool", "telemetry_uuid" ->
       Some "23.9.0"
   | "pool", "ext_auth_cache_expiry" ->
-      Some "24.30.0-next"
+      Some "24.31.0"
   | "pool", "ext_auth_cache_size" ->
-      Some "24.30.0-next"
+      Some "24.31.0"
   | "pool", "ext_auth_cache_enabled" ->
-      Some "24.30.0-next"
+      Some "24.31.0"
   | "pool", "ext_auth_max_threads" ->
       Some "23.27.0"
   | "pool", "local_auth_max_threads" ->
@@ -170,11 +170,11 @@ let prototyped_of_message = function
   | "pool", "get_guest_secureboot_readiness" ->
       Some "24.17.0"
   | "pool", "set_ext_auth_cache_expiry" ->
-      Some "24.30.0-next"
+      Some "24.31.0"
   | "pool", "set_ext_auth_cache_size" ->
-      Some "24.30.0-next"
+      Some "24.31.0"
   | "pool", "set_ext_auth_cache_enabled" ->
-      Some "24.30.0-next"
+      Some "24.31.0"
   | "pool", "set_ext_auth_max_threads" ->
       Some "23.27.0"
   | "pool", "set_local_auth_max_threads" ->

diff --git a/ocaml/idl/datamodel_pool.ml b/ocaml/idl/datamodel_pool.ml
@@ -851,9 +851,41 @@ let certificate_uninstall =
 let uninstall_ca_certificate =
   call ~name:"uninstall_ca_certificate"
     ~doc:"Remove a pool-wide TLS CA certificate."
-    ~params:[(String, "name", "The certificate name")]
+    ~params:
+      [
+        (String, "name", "The certificate name")
+      ; ( Bool
+        , "force"
+        , "If true, remove the DB entry even if the file is non-existent"
+        )
+      ]
+    ~versioned_params:
+      [
+        {
+          param_type= String
+        ; param_name= "name"
+        ; param_doc= "The certificate name"
+        ; param_release= numbered_release "1.290.0"
+        ; param_default= None
+        }
+      ; {
+          param_type= Bool
+        ; param_name= "force"
+        ; param_doc= "Remove the DB entry even if the file is non-existent"
+        ; param_release= numbered_release "24.35.0"
+        ; param_default= Some (VBool false)
+        }
+      ]
     ~allowed_roles:(_R_POOL_OP ++ _R_CLIENT_CERT)
-    ~lifecycle:[(Published, "1.290.0", "Uninstall TLS CA certificate")]
+    ~lifecycle:
+      [
+        (Published, "1.290.0", "Uninstall TLS CA certificate")
+      ; ( Changed
+        , "24.35.0"
+        , "Added --force option to allow DB entries to be removed for \
+           non-existent files"
+        )
+      ]
     ()
 
 let certificate_list =