Nicolas,

The reason we're considering using the directdownload feature is to
simplify template maintenance/updates. I presume that's what it was
designed for. We want to be able to, preferably through CloudStack
functionality, update the template image file associated with a template.
We planned on achieving this utilizing directdownload to decouple the image
file from the registered template itself when it occurred to us that a
"regrab" button in the template properties webui or an API call to tell
secondary storage to redownload the source would very much simplify this
process.

This brings my questions to:

How difficult would it be to implement something like that?

Is there another way to update the imagefile associated with a template? I
mean, could we manually overwrite the file on secondary storage? Would that
break anything?

What is CloudStack's recommended best practice for managing template images?


Regards,

Willard (Will)



On Wed, Jun 14, 2023 at 10:26 AM Nicolas Vazquez <
nicolas.vazq...@shapeblue.com> wrote:

> No problem, I think these docs do not clearly state the supported storage
> providers, I will fix that. On this blog entry we have mentioned them:
> https://www.shapeblue.com/cloudstack-feature-first-look-direct-download-agnostic-of-the-storage-provider/
>
> Currently the direct download feature is supported on NFS, local storage
> and shared mount point, but not for Ceph.
>
> Regards,
> Nicolas Vazquez
>
>
> From: Will Conrad <wcon...@hivelocity.net.INVALID>
> Date: Wednesday, 14 June 2023 at 10:58
> To: users@cloudstack.apache.org <users@cloudstack.apache.org>
> Subject: Re: Direct Download/Bypass Secondary Storage option for templates
> Nicolas,
>
> I feel silly for not having read that documentation all the way through.
> Thank you for your assistance.
>
> I have another question, now. Since we've been working with this we
> have been trying various methods of testing directdownload templates. Since
> we were having problems with HTTPS, we tested HTTP. We have run into a
> problem where the template fails to download if the guest is using ceph
> storage. When we change to creating the VM on "local" storage, the template
> download succeeds and the VM creates successfully. Are there any insights
> you can provide here? Is there more documentation I may have missed?
>
> On Wed, Jun 14, 2023 at 9:39 AM Nicolas Vazquez <
> nicolas.vazq...@shapeblue.com> wrote:
>
> > Thanks Will,
> >
> > Currently it is only possible to upload the certificate via API but not
> > from the UI, please find it documented here:
> >
> > https://docs.cloudstack.apache.org/en/latest/adminguide/templates.html#bypassing-secondary-storage-for-kvm-templates
> > .
> >
> > In your case as the template is stored on Github you may want to upload a
> > Github certificate to the hosts for the download to be trusted
> >
> > Regards,
> > Nicolas Vazquez
> >
> >
> > From: Will Conrad <wcon...@hivelocity.net.INVALID>
> > Date: Wednesday, 14 June 2023 at 10:06
> > To: users@cloudstack.apache.org <users@cloudstack.apache.org>
> > Subject: Re: Direct Download/Bypass Secondary Storage option for templates
> > Hi Wei and Nicolas,
> >
> > Thank you for your responses.
> >
> > Wei,
> >
> > I checked the host, and confirmed that yes the ca-certificates package is
> > installed and latest.
> > "root@lax2-cs-hv01:~# apt list ca-certificates -a
> >
> > Listing... Done
> >
> > ca-certificates/jammy-updates,jammy-security,now 20230311ubuntu0.22.04.1
> > all [installed,automatic]
> >
> > ca-certificates/jammy 20211016 all
> >
> >
> >
> > Nicolas,
> >
> > "Have you tried uploading the required certificate for the https download
> > via the uploadTemplateDirectDownloadCertificate API?"
> >
> > No I have not. I was unaware of the need to do this. Is there documentation
> > I may have missed? What certificate is supposed to be uploaded and how is
> > it used?
> >
> > Regards,
> >
> > Willard
> >
> > On Tue, Jun 13, 2023 at 10:01 PM Nicolas Vazquez <
> > nicolas.vazq...@shapeblue.com> wrote:
> >
> > > Hi Will,
> > >
> > > Have you tried uploading the required certificate for the https download
> > > via the uploadTemplateDirectDownloadCertificate API?
> > >
> > > Regards,
> > > Nicolas Vazquez
> > >
> > >
> > > From: Wei ZHOU <ustcweiz...@gmail.com>
> > > Date: Tuesday, 13 June 2023 at 20:01
> > > To: users@cloudstack.apache.org <users@cloudstack.apache.org>
> > > Subject: Re: Direct Download/Bypass Secondary Storage option for templates
> > > Hi Will,
> > >
> > > What hypervisor do you use? Have you installed ca-certificates package?
> > >
> > > -Wei
> > >
> > > On Tuesday, 13 June 2023, Will Conrad <wcon...@hivelocity.net.invalid>
> > > wrote:
> > >
> > > > Hello again, Community!
> > > >
> > > > We're trying to make use of DirectDownload templates which makes use of the
> > > > "Bypass Secondary Storage" feature, but we seem to be having issues with
> > > > this functionality.
> > > >
> > > > After setting up a new template with "Direct Download" turned on and an
> > > > HTTPS URL our template file won't download. The download source is a file
> > > > stored in github. This is what we see in the logs:
> > > >
> > > > Jun 13 16:12:07 lax2-cs-hv01 java[26054]: WARN
> > > > [kvm.storage.KVMStorageProcessor] (agentRequest-Handler-5:)
> > > > (logid:7b08521c) Error downloading template 209 due to: Error on HTTPS
> > > > request: PKIX path building failed:
> > > > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> > > > find valid certification path to requested target
> > > > Jun 13 16:12:07 lax2-cs-hv01 java[26054]: INFO
> > > > [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-1:)
> > > > (logid:7b08521c) Trying to fetch storage pool
> > > > 3b59a095-9e71-3e97-92a8-56aa3f931a5e from libvirt
> > > > Jun 13 16:12:07 lax2-cs-hv01 java[26054]: WARN
> > > > [kvm.storage.KVMStorageProcessor] (agentRequest-Handler-1:)
> > > > (logid:7b08521c) Error downloading template 209 due to: Error on HTTPS
> > > > request: PKIX path building failed:
> > > > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> > > > find valid certification path to requested target
> > > > Jun 13 16:12:07 lax2-cs-hv01 java[26054]: INFO
> > > > [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-4:)
> > > > (logid:78a6fa93) Trying to fetch storage pool
> > > > 3b59a095-9e71-3e97-92a8-56aa3f931a5e from libvirt
> > > > Jun 13 16:12:07 lax2-cs-hv01 java[26054]: INFO
> > > > [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-4:)
> > > > (logid:78a6fa93) Asking libvirt to refresh storage pool
> > > > 3b59a095-9e71-3e97-92a8-56aa3f931a5e
> > > > Jun 13 16:12:07 lax2-cs-hv01 java[26054]: INFO
> > > > [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-2:)
> > > > (logid:7b08521c) Trying to fetch storage pool
> > > > 3b59a095-9e71-3e97-92a8-56aa3f931a5e from libvirt
> > > > Jun 13 16:12:08 lax2-cs-hv01 java[26054]: INFO
> > > > [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-3:)
> > > > (logid:78a6fa93) Trying to fetch storage pool
> > > > eb9f16ef-3ba3-4c50-9e64-807b6f2c8994 from libvirt
> > > > Jun 13 16:12:08 lax2-cs-hv01 java[26054]: INFO
> > > > [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-3:)
> > > > (logid:78a6fa93) Asking libvirt to refresh storage pool
> > > > eb9f16ef-3ba3-4c50-9e64-807b6f2c8994
> > > > Jun 13 16:12:08 lax2-cs-hv01 java[26054]: WARN
> > > > [kvm.storage.KVMStorageProcessor] (agentRequest-Handler-2:)
> > > > (logid:7b08521c) Error downloading template 209 due to: Error on HTTPS
> > > > request: PKIX path building failed:
> > > > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> > > > find valid certification path to requested target
> > > >
> > > > We've been through this documentation:
> > > > https://docs.cloudstack.apache.org/en/latest/adminguide/hosts.html#securing-process
> > > >
> > > > but everything seems to be in order, on our side. Any insights here?
> > > > Happy to provide any logs or configuration information to assist.
> > > >
> > > > Regards,
> > > >
> > > > Willard Conrad
> > > >
> > > > DevOps Engineer
> > > >
> > > > Hivelocity, LLC
> > > >
> > >
> > >
> > >
> > >
> >
> >
> >
> >
>
>
>
>
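
An added example, not part of the original thread: a small triage script for the agent log format quoted above. It re-joins wrapped entries and counts direct-download failures per host and template, separating certificate-trust (PKIX) failures from other causes. The sample reuses entries from the thread; the template 210 timeout line and its logid are constructed.

```python
import re
from collections import Counter

# Sample input: entries copied from the thread (the first one mail-wrapped as
# quoted there) plus one CONSTRUCTED timeout entry for a hypothetical template 210.
SAMPLE_LOG = """\
Jun 13 16:12:07 lax2-cs-hv01 java[26054]: WARN
[kvm.storage.KVMStorageProcessor] (agentRequest-Handler-5:)
(logid:7b08521c) Error downloading template 209 due to: Error on HTTPS
request: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
Jun 13 16:12:07 lax2-cs-hv01 java[26054]: INFO [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-1:) (logid:7b08521c) Trying to fetch storage pool 3b59a095-9e71-3e97-92a8-56aa3f931a5e from libvirt
Jun 13 16:12:08 lax2-cs-hv01 java[26054]: WARN [kvm.storage.KVMStorageProcessor] (agentRequest-Handler-2:) (logid:7b08521c) Error downloading template 209 due to: Error on HTTPS request: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Jun 13 16:12:09 lax2-cs-hv01 java[26054]: WARN [kvm.storage.KVMStorageProcessor] (agentRequest-Handler-3:) (logid:00000000) Error downloading template 210 due to: Connection timed out
"""

ENTRY_START = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} ")
ENTRY = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) java\[\d+\]: +(?P<level>[A-Z]+)\s+"
    r"\[(?P<logger>[^\]]+)\] \((?P<thread>[^)]*)\) \(logid:(?P<logid>\w+)\) (?P<msg>.*)$")
FAILURE = re.compile(r"Error downloading template (?P<tid>\d+) due to: (?P<cause>.*)")
# Substrings showing the JVM could not build a chain to a trusted root.
TRUST_MARKERS = ("PKIX path building failed", "SunCertPathBuilderException")

def join_wrapped(text):
    """Re-join entries whose lines were wrapped (as in the mailed log)."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if ENTRY_START.match(line) or not entries:
            entries.append(line)          # a syslog timestamp starts a new entry
        else:
            entries[-1] += " " + line     # continuation of the previous entry
    return entries

def failed_downloads(text):
    """Count failures keyed by (host, template id, 'tls-trust' or 'other')."""
    counts = Counter()
    for entry in join_wrapped(text):
        m = ENTRY.match(entry)
        f = m and FAILURE.search(m["msg"])
        if f:
            kind = "tls-trust" if any(t in f["cause"] for t in TRUST_MARKERS) else "other"
            counts[(m["host"], f["tid"], kind)] += 1
    return counts

if __name__ == "__main__":
    for (host, tid, kind), n in sorted(failed_downloads(SAMPLE_LOG).items()):
        print(f"{host} template={tid} cause={kind} count={n}")
```

A `tls-trust` row corresponds to the PKIX failure discussed in the thread, for which the reply points to the uploadTemplateDirectDownloadCertificate API; an `other` row indicates a problem that a certificate upload would not address.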
