RE: Reworking the 'xe-guest-utilities' Repo

olivierlambert stormi

So I have been working on this repo for about a month now and it is in a far worse state than I ever imagined. I showed the codebase to some golang pro's and they pretty much roasted every aspect of the original source code. It uses multiple depreciated packages, breaks multiple best practices that golang considers to be fundamental to portability and future-proofing, has a complete lack of any documentation on a variety of esoteric calls, and the source code does not compile against GOOS=freebsd.

I was hoping I could just make some quick changes to clean up this repo for the XCP-NG community but this is a huge endeavor to get in a good place for the future. I would very much like to continue work on this but it has become clear to me that a small team of developers will be required to finish this in a timely fashion. I would suggest creating a new repo called XCP-guest-tools as a properly upgraded version of this repo would rewrite 40%-60% of the original source code to bring it up to a reasonable standard. I also think at that point it would be extremely unlikely that Citrix would ever merge the changes so splitting off to a newly named package would go a long way to avoid confusion about versions and source.

ravenet Thanks so much! I'll add these examples to our new test case folder I will definitely be in touch when we are ready to test on SLES!

An Update on Progress:

I have a new collaborator working with me on reworking these tools which should help with development. He uses XCP-ng as well and is pretty familiar with all the OS's I'm currently planning on officially supporting.

Actual progress has been a little sporadic as we pull apart these tools. The complete lack of documentation has made auditing the Go tedious, as I personally am not familiar with the xenbus standard and/or the data-structure Citrix is using pass info to dom0. The more I pull apart this repo, the more I am questioning the sanity of the Citrix developers. My gut feeling is a lot of this is legacy code that no one wanted to fix or touch for that matter. At some point when we get closer to a proper release, I'll create a list of all the bizarre and poorly designed code we found.

We do have a working makefile and the tools do compile correctly into a generic package.tgz, but there are still a number of things that need to be fixed before it would function on a guest os. I'm also currently in the process of auditing the use of unsafe.Pointer( ) in the existing wrapper for 'timerfd_settime' calls. I'm not really sure why this was done and using the unsafe package is typically bad practice in any production code. It explicitly breaks Go compatibility guidelines and type safety which is kind of the point of Go IMO

I was trying to avoid making a Citrix account lol. (I have a strong distaste for them, for reasons I will cover below)

After digging through the Citrix repo, I have found somethings that frankly infuriate me. Citrix has really no desire to support the opensource community as seen in this comment and their total lack of responsiveness in fixing issues. For instance, this issue, opened and fixed by a member of the fedora team, has sat for over a year. They also have zero documentation anywhere in the code base, and from issues like this they have no intention of adding it. Citrix has abandoned the opensource model to try and compete with VMWare.

While I can understand your desire to maintain some relation with Citrix, I personally have no desire to help them. They have burned their goodwill with the opensource community and this is why, I assume, you started XCP-ng. Moving forward, my desire is to turn this repo into a peer-reviewed, well documented, and actively maintained repository. If Citrix would like to use the improvements XCP-ng makes that's fine, but I don't want my work to sit for years in a pull request that will never be merged by Citrix.

A quick update on progress:

• Added support in install.sh for OpenSuse
• Rebuilt the security audit process of go binaries from python2 --> python3.
• Improved the audit process pretty dramatically.
• Started patching 23 security issues found by the new audit process.
• Started adding documentation across the entire repo.

Up next:

• New package makefiles for the following package managers.
  - apt/dpkg
  - yum/dnf
  - zypper/yast
  - pacman
  - pkg
  - apk
• New test process for xe-linux-distribution

olivierlambert stormi

Having tests will be a great argument to become the new upstream

Our situation is different from that of any linux distribution that wants to provide the tools (which we encourage any distro to do), since what we provide is a RPM that contains an ISO that itself contains DEBs, RPMs, and others. It's not something we can easily build in our build system, koji (though there may be a way to manage it). So we've get to automate that build process.

This weekend I was able to finish the first tool I needed to help streamline the process of testing and building these tools. Its something I'm just calling PRT(Parallel Remote Terminal) for now. I currently have a number of testbeds in my cluster but testing manually on each is a huge pain. PRT is a tool that allows a user to define a group of remote hosts using a yaml file, then send the same command in parallel to each host. PRT returns the connection status, output, and errors on each host directly back to your machine. I hope you won't judge too hard on the quality of my code and docs because this was built in space of 48 hours lol.

You can check it out here:
https://github.com/JustinTimperio/prt

I'll clean this up and improve it over the coming weeks but obviously, this is just tooling to help facilitate the actual work of improving these tools.

Do you keep a list of all the distro's you support? I am looking at converting the shell into go, but I want to make sure I am accounting for the edge cases.

Currently, I am looking to officially support:

RHL:

• CentOS
• Fedora
• REHL (I don't have a copy to test on)

Deb:

• Debian
• Ubuntu
• Kali
• Mint
• MX
• Tails
• Kylin

Arch:

• Arch Linux
• Manjaro

BSD:

• FreeBSD
• OpenBSD

OpenSuse:

• Leap
• TumbleWeed

Random:

• Alpine Linux
• Gentoo

Hi All,

After adding support for Alpine Linux, I found the state of the xe-guest-utilities repo to be in pretty bad condition. This is mostly Citrix fault but at this point, I think XCP-ng has grown large enough that full rework is justified. The Go itself looks reasonable but has somethings worth changing. There also seems to be a large number of 'dead' files and a LOT of very poorly formatted and documented shellcode.

If anyone as an interest in me reworking this repo I can take a look at cleaning this up into something far more 'professional' and better suited for XCP-ng. I currently have a pull request submitted if you would like to look at the work I have done so far.

https://github.com/xcp-ng/xe-guest-utilities/pull/2

Best,
Justin

JustinTimperio opened this pull request in xcp-ng/xe-guest-utilities

closed Major Update To Guest Utilities #2

olivierlambert stormi

So I have been working on this repo for about a month now and it is in a far worse state than I ever imagined. I showed the codebase to some golang pro's and they pretty much roasted every aspect of the original source code. It uses multiple depreciated packages, breaks multiple best practices that golang considers to be fundamental to portability and future-proofing, has a complete lack of any documentation on a variety of esoteric calls, and the source code does not compile against GOOS=freebsd.

I was hoping I could just make some quick changes to clean up this repo for the XCP-NG community but this is a huge endeavor to get in a good place for the future. I would very much like to continue work on this but it has become clear to me that a small team of developers will be required to finish this in a timely fashion. I would suggest creating a new repo called XCP-guest-tools as a properly upgraded version of this repo would rewrite 40%-60% of the original source code to bring it up to a reasonable standard. I also think at that point it would be extremely unlikely that Citrix would ever merge the changes so splitting off to a newly named package would go a long way to avoid confusion about versions and source.

For those interested, since we have put a ton of work into beefing up os detection, I have forked our work into a separate repo. This was something I needed for a variety of my opensource projects install scripts and I hope it will also be helpful for others.

You can check it out here. https://github.com/JustinTimperio/nixinfo

For example, on my desktop, this single command returns the following:

❯ curl -s https://raw.githubusercontent.com/JustinTimperio/nixinfo/master/nixinfo.sh | sh

Distribution='ARCH'
Full_Name='Arch Linux'
Package_Manager='pacman'
Kernel='5.8.14'
Major='rolling'
Minor='rolling'
Patch='rolling'

Or my Nginx host returns:

❯ curl -s https://raw.githubusercontent.com/JustinTimperio/nixinfo/master/nixinfo.sh | sh

Distribution='FREEBSD'
Full_Name='FreeBSD 12.1-RELEASE'
Package_Manager='pkg'
Kernel='1201000'
Major='12'
Minor='1'
Patch='n/a'

ravenet Thanks so much! I'll add these examples to our new test case folder I will definitely be in touch when we are ready to test on SLES!

An Update on Progress:

I have a new collaborator working with me on reworking these tools which should help with development. He uses XCP-ng as well and is pretty familiar with all the OS's I'm currently planning on officially supporting.

Actual progress has been a little sporadic as we pull apart these tools. The complete lack of documentation has made auditing the Go tedious, as I personally am not familiar with the xenbus standard and/or the data-structure Citrix is using pass info to dom0. The more I pull apart this repo, the more I am questioning the sanity of the Citrix developers. My gut feeling is a lot of this is legacy code that no one wanted to fix or touch for that matter. At some point when we get closer to a proper release, I'll create a list of all the bizarre and poorly designed code we found.

We do have a working makefile and the tools do compile correctly into a generic package.tgz, but there are still a number of things that need to be fixed before it would function on a guest os. I'm also currently in the process of auditing the use of unsafe.Pointer( ) in the existing wrapper for 'timerfd_settime' calls. I'm not really sure why this was done and using the unsafe package is typically bad practice in any production code. It explicitly breaks Go compatibility guidelines and type safety which is kind of the point of Go IMO

stormi You bring up some interesting points. I want to make it clear, my intention is not to abandon the creation of a generic tarball. I just also want to include a full package build process for each distro that is officially maintained. My plan was to message the current maintainers of xe-guest-utilites for each distro and strike up a convo.

My goal is to provide that package, that contains the ISO, the ISO itself containing the various variations of the xe-guest-utilities packages and the install.sh script. This my need as XCP-ng packager.

Ahhhh I see what you mean now. Sure that should be pretty easy. I also wanted to create a 'net-install.sh' so users won't even need to mount an iso, just run something like curl net-install-url | sudo bash.

Another maintenance point is that the more distros you support, the more new releases of those distros you'll have to test when they go out.

Yeah, I have def thought about that. I'm still not totally sure how I want to address it, but I currently have custom templates in my cluster for each of these distros. By using the xoapi and PRT I'm pretty confident that I can fully automate the build, and testing process. Another alternative is a custom travis-ci cluster but I'll cross that bridge when I get there.

I don't know, but there are at least test cases: https://github.com/xenserver/xe-guest-utilities/tree/master/mk/testcases

I checked those out but that dir contains /etc/rhel-release rather than /etc/os-release which I generally prefer. We can always figure that out later but currently, this new script provides more os info in way fewer lines. (Sample output here)

O, also do you know anyone willing to help with RHEL and SLES testing? I don't have access to enterprise distros I can test or build on. Idk what is even in their /etc/os-release at this point? (I threw away Citrix distro identification script and rewrote it from scratch. It's 1/3 as long and supports way more distros

don't hesitate to "release early and often" that work of yours so that you can get early feedback and make reviewing easier.

Total agreement here. Unfortunately, I am basically rebasing the entire repo so none of my changes are in a fully functional state and not in a place where I could create a PR. If you want to track my progress check out this repo.

providing makefiles for more package managers is not a priority in my eyes.

For me, this one of my main priorities. I am of an 'open-source first' mentality and placing the burden on each distributions package maintainers is a bit backward in my eyes. Citrix already supports enterprise clients, and basically only updates rpm and deb packages. My goal is to bring all opensource, free distributions up to the same level of compatibility and support as enterprise. In addition, by placing the burden on each distributions team, updates have been largely ignored. Freebsd, Fedora, Ubuntu, CentOS, etc all have xe-guest-utilities that are in some cases, years out of date.

One of my priorities, however, is to build our own binaries instead of using those provided by Citrix

I'm a little confused about this statement. Since I am patching security issues in the go code itself, we will have to compile these into our own binaries, and therefore a separate package(not called xe-guest-utilities for obvious versioning conflict issues). Makefiles will be separated in a similar-ish way to how they are in the Citrix Repo. The core makefile creates a secure temp go build environment, then generates the target binaries. From there, each distribution has it own makefile (in Citrix repo mk/Makefile.deb and mk/Makefile.rpm), which then take the compiled binaries and collects the other various files needed to package these into a xe-guest-utilities.deb or xe-guest-utilities.deb.

If you want to help on that front, the ideal situation would be to be able to build them in Koji.

I can't speak to Koji, I've never used it. Honestly, building the binaries is like the easiest part of this process(you just need to setup some gopaths). I was just gonna use the tool wrote to natively build a package for each distro in its target distro(IE build fedora packages inside fedora), then return the compiled packages to an endpoint.

will you stay around for the next few years to continue maintaining that code, fix bugs, help review PRs, etc?

Just depends if the work I've done gets adopted or not. I usually take on projects when they have a direct impact on my life and also helps the community. I use a lot of distros and I'm really sick of having second rate drivers on non deb and rpm based systems. It solves a problem for me so I will maintain them for at least that reason. My hope obviously, is that this work will be helpful for people using none deb and rpm systems as well, I just try not to get too attached to how many people are using an opensource project I write. It can be really discouraging if you put hundreds of hours into a project for the community that then is never used.

I was trying to avoid making a Citrix account lol. (I have a strong distaste for them, for reasons I will cover below)

After digging through the Citrix repo, I have found somethings that frankly infuriate me. Citrix has really no desire to support the opensource community as seen in this comment and their total lack of responsiveness in fixing issues. For instance, this issue, opened and fixed by a member of the fedora team, has sat for over a year. They also have zero documentation anywhere in the code base, and from issues like this they have no intention of adding it. Citrix has abandoned the opensource model to try and compete with VMWare.

While I can understand your desire to maintain some relation with Citrix, I personally have no desire to help them. They have burned their goodwill with the opensource community and this is why, I assume, you started XCP-ng. Moving forward, my desire is to turn this repo into a peer-reviewed, well documented, and actively maintained repository. If Citrix would like to use the improvements XCP-ng makes that's fine, but I don't want my work to sit for years in a pull request that will never be merged by Citrix.

A quick update on progress:

• Added support in install.sh for OpenSuse
• Rebuilt the security audit process of go binaries from python2 --> python3.
• Improved the audit process pretty dramatically.
• Started patching 23 security issues found by the new audit process.
• Started adding documentation across the entire repo.

Up next:

• New package makefiles for the following package managers.
  - apt/dpkg
  - yum/dnf
  - zypper/yast
  - pacman
  - pkg
  - apk
• New test process for xe-linux-distribution

stormi I've tried that but all the downloads are behind a login wall.

Hey stormi could you send me an original Citrix iso with its tagged version? I'm trying to figure out if they are making changes before shipping by comparing checksums.

olivierlambert stormi

Having tests will be a great argument to become the new upstream

Our situation is different from that of any linux distribution that wants to provide the tools (which we encourage any distro to do), since what we provide is a RPM that contains an ISO that itself contains DEBs, RPMs, and others. It's not something we can easily build in our build system, koji (though there may be a way to manage it). So we've get to automate that build process.

This weekend I was able to finish the first tool I needed to help streamline the process of testing and building these tools. Its something I'm just calling PRT(Parallel Remote Terminal) for now. I currently have a number of testbeds in my cluster but testing manually on each is a huge pain. PRT is a tool that allows a user to define a group of remote hosts using a yaml file, then send the same command in parallel to each host. PRT returns the connection status, output, and errors on each host directly back to your machine. I hope you won't judge too hard on the quality of my code and docs because this was built in space of 48 hours lol.

You can check it out here:
https://github.com/JustinTimperio/prt

I'll clean this up and improve it over the coming weeks but obviously, this is just tooling to help facilitate the actual work of improving these tools.