rhtyd commented on pull request #4978: URL: https://github.com/apache/cloudstack/pull/4978#issuecomment-927682543
@wido @GabrielBrascher I agree we can't assume mgmt server has SSH access however; - we should explore options to implement this without introducing a new service (my main concern is from security and upgrade point of view, a lot of people don't like non-essential services running on hypervisor) - for example, (1) what if I the admin wants to do some maintainance etc which requires stopping of the agent - in that case could your changes cause any side-effect, (2) systemd can be configured (probably already is?) to have this service always start on boot and on-crash/on-error - agent has a stop command answer it can tell mgmt server why it is stopping - that can be used intelligently to not cause HA led migrations (I haven't checked, probably already-is?) - if this new service is essential, can it be secured using CA-framework generated certificates so at least the communication is validated (the simplest being server certificate was signed/created against the root CA cert) - and a global setting/kill-switch for users who don't want/need this additional feature/service (for ex. NFS users?) and have it disabled by default -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
