Thanks Will, Currently it is only possible to upload the certificate via API but not from the UI, please find it documented here: https://docs.cloudstack.apache.org/en/latest/adminguide/templates.html#bypassing-secondary-storage-for-kvm-templates.
In your case as the template is stored on Github you may want to upload a Github certificate to the hosts for the download to be trusted Regards, Nicolas Vazquez From: Will Conrad <wcon...@hivelocity.net.INVALID> Date: Wednesday, 14 June 2023 at 10:06 To: users@cloudstack.apache.org <users@cloudstack.apache.org> Subject: Re: Direct Download/Bypass Secondary Storage option for templates Hi Wei and Nicolas, Thank you for you responses. Wei, I checked the host, and confirmed that yes the ca-certificates package is installed and latest. "root@lax2-cs-hv01:~# apt list ca-certificates -a Listing... Done ca-certificates/jammy-updates,jammy-security,now 20230311ubuntu0.22.04.1 all [installed,automatic] ca-certificates/jammy 20211016 all Nicolas, "Have you tried uploading the required certificate for the https download via the uploadTemplateDirectDownloadCertificate API?" No I have not. I was unaware of the need to do this. Is there documentation I may have missed? What certificate is supposed to be uploaded and how is it used? Regards, Willard On Tue, Jun 13, 2023 at 10:01 PM Nicolas Vazquez < nicolas.vazq...@shapeblue.com> wrote: > Hi Will, > > Have you tried uploading the required certificate for the https download > via the uploadTemplateDirectDownloadCertificate API? > > Regards, > Nicolas Vazquez > > > From: Wei ZHOU <ustcweiz...@gmail.com> > Date: Tuesday, 13 June 2023 at 20:01 > To: users@cloudstack.apache.org <users@cloudstack.apache.org> > Subject: Re: Direct Download/Bypass Secondary Storage option for templates > Hi Will, > > What hypervisor do you use ? Have you installed ca-crrtificates package? > > -Wei > > On Tuesday, 13 June 2023, Will Conrad <wcon...@hivelocity.net.invalid> > wrote: > > > Hello again, Community! > > > > We're trying to make use of DirectDownload templates which makes use of > the > > "Bypass Secondary Storage" feature, but we seem to be having issues with > > this functionality. > > > > After setting up a new template with "Direct Download" turned on and an > > HTTPS URL our template file won't download. The download source is a file > > stored in github. This is what we see in the logs: > > > > Jun 13 16:12:07 lax2-cs-hv01 java[26054]: WARN > > [kvm.storage.KVMStorageProcessor] (agentRequest-Handler-5:) > > (logid:7b08521c) Error downloading template 209 due to: Error on HTTPS > > request: PKIX path building failed: > > sun.security.provider.certpath.SunCertPathBuilderException: unable to > > find valid certification path to requested target > > Jun 13 16:12:07 lax2-cs-hv01 java[26054]: INFO > > [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-1:) > > (logid:7b08521c) Trying to fetch storage pool > > 3b59a095-9e71-3e97-92a8-56aa3f931a5e from libvirt > > Jun 13 16:12:07 lax2-cs-hv01 java[26054]: WARN > > [kvm.storage.KVMStorageProcessor] (agentRequest-Handler-1:) > > (logid:7b08521c) Error downloading template 209 due to: Error on HTTPS > > request: PKIX path building failed: > > sun.security.provider.certpath.SunCertPathBuilderException: unable to > > find valid certification path to requested target > > Jun 13 16:12:07 lax2-cs-hv01 java[26054]: INFO > > [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-4:) > > (logid:78a6fa93) Trying to fetch storage pool > > 3b59a095-9e71-3e97-92a8-56aa3f931a5e from libvirt > > Jun 13 16:12:07 lax2-cs-hv01 java[26054]: INFO > > [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-4:) > > (logid:78a6fa93) Asking libvirt to refresh storage pool > > 3b59a095-9e71-3e97-92a8-56aa3f931a5e > > Jun 13 16:12:07 lax2-cs-hv01 java[26054]: INFO > > [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-2:) > > (logid:7b08521c) Trying to fetch storage pool > > 3b59a095-9e71-3e97-92a8-56aa3f931a5e from libvirt > > Jun 13 16:12:08 lax2-cs-hv01 java[26054]: INFO > > [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-3:) > > (logid:78a6fa93) Trying to fetch storage pool > > eb9f16ef-3ba3-4c50-9e64-807b6f2c8994 from libvirt > > Jun 13 16:12:08 lax2-cs-hv01 java[26054]: INFO > > [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-3:) > > (logid:78a6fa93) Asking libvirt to refresh storage pool > > eb9f16ef-3ba3-4c50-9e64-807b6f2c8994 > > Jun 13 16:12:08 lax2-cs-hv01 java[26054]: WARN > > [kvm.storage.KVMStorageProcessor] (agentRequest-Handler-2:) > > (logid:7b08521c) Error downloading template 209 due to: Error on HTTPS > > request: PKIX path building failed: > > sun.security.provider.certpath.SunCertPathBuilderException: unable to > > find valid certification path to requested target > > > > We've been through this documentation: > > https://docs.cloudstack.apache.org/en/latest/adminguide/hosts.html#< > https://docs.cloudstack.apache.org/en/latest/adminguide/hosts.html><https://docs.cloudstack.apache.org/en/latest/adminguide/hosts.html%3e> > > securing-process > > > > but everything seems to be in order, on our side. Any insights here? > > Happy to provide any logs or configuration information to assist. > > > > Regards, > > > > Willard Conrad > > > > DevOps Engineer > > > > Hivelocity, LLC > > > > > >