[GitHub] [cloudstack-documentation] PaulAngus merged pull request #54: KVM direct downloads
PaulAngus merged pull request #54: KVM direct downloads URL: https://github.com/apache/cloudstack-documentation/pull/54 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [cloudstack-documentation] nvazquez commented on issue #54: KVM direct downloads
nvazquez commented on issue #54: KVM direct downloads URL: https://github.com/apache/cloudstack-documentation/pull/54#issuecomment-513919432 Thanks @PaulAngus This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [cloudstack-documentation] nvazquez commented on a change in pull request #54: KVM direct downloads
nvazquez commented on a change in pull request #54: KVM direct downloads URL: https://github.com/apache/cloudstack-documentation/pull/54#discussion_r305992581 ## File path: source/adminguide/templates/_bypass-secondary-storage-kvm.rst ## @@ -0,0 +1,90 @@ +.. Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information# + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + + +.. _bypass-secondary-storage-kvm: + +Bypassing Secondary Storage on KVM templates + + +CloudStack provides an optional way to register and use templates on KVM. + +Instead of registering a template and use secondary storage as cache, it is possible to bypass secondary storage on KVM templates registration. At deployment time, the template is downloaded directly to primary storage avoiding the copy from secondary storage. + +Supported protocols: HTTP/HTTPS, NFS and metalinks. The protocol is obtained from the template URL. + +To enable this option for a template: + +#. In the left navigation bar, click Templates. + +#. Click Register Template. + +#. Select KVM as hypervisor: + + |kvm-direct-download.png| + + - **Direct Download**. It will be shown in the UI when KVM is selected as hypervisor. Choose Yes for enabling the bypassing secondary storage option. + + - **Checksum**. Optional field. If this field is populated, the checksum is compared to the downloaded template checksum when the template is downloaded to primary storage at deployment time. + +After the template is registered, it is automatically available for VM deployments. + +Uploading certificates for direct downloads +~~~ +For HTTPS direct downloads, the KVM hosts on a zone should need certificates. Review comment: Fixed This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [cloudstack-documentation] PaulAngus commented on a change in pull request #54: KVM direct downloads
PaulAngus commented on a change in pull request #54: KVM direct downloads URL: https://github.com/apache/cloudstack-documentation/pull/54#discussion_r305982998 ## File path: source/adminguide/templates/_bypass-secondary-storage-kvm.rst ## @@ -0,0 +1,90 @@ +.. Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information# + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + + +.. _bypass-secondary-storage-kvm: + +Bypassing Secondary Storage on KVM templates + + +CloudStack provides an optional way to register and use templates on KVM. + +Instead of registering a template and use secondary storage as cache, it is possible to bypass secondary storage on KVM templates registration. At deployment time, the template is downloaded directly to primary storage avoiding the copy from secondary storage. + +Supported protocols: HTTP/HTTPS, NFS and metalinks. The protocol is obtained from the template URL. + +To enable this option for a template: + +#. In the left navigation bar, click Templates. + +#. Click Register Template. + +#. Select KVM as hypervisor: + + |kvm-direct-download.png| + + - **Direct Download**. It will be shown in the UI when KVM is selected as hypervisor. Choose Yes for enabling the bypassing secondary storage option. + + - **Checksum**. Optional field. If this field is populated, the checksum is compared to the downloaded template checksum when the template is downloaded to primary storage at deployment time. + +After the template is registered, it is automatically available for VM deployments. + +Uploading certificates for direct downloads +~~~ +For HTTPS direct downloads, the KVM hosts on a zone should need certificates. + +CloudStack provides some APIs to handle certificates for direct downloads: + +- Upload a certificate to hosts in 'Up' state in a zone with id = ZONE_ID: + + .. code:: bash + + upload templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID certificate=CERTIFICATE_FORMATTED + + where: + - CERTIFICATE_FORMATTED is the string format of a X509 certificate + - CERTIFICATE_ALIAS is the alias which will be used to import the certificate on each KVM host + + **Note:**. These certificates are imported into the /etc/cloudstack/agent/cloud.jks keystore on each KVM host. + +- Revoke a certificate from every host in 'Up' state in a zone with id = ZONE_ID: + + .. code:: bash + + revoke templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID + +- It is also possible to revoke a certificate from a specific host within a zone: + + .. code:: bash + + revoke templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID hostid=HOST_ID + +- After a certificate is revoked from a host within a zone, it can be re-uploaded to the host: + + .. code:: bash + + upload templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID certificate=CERTIFICATE_FORMATTED hostid=HOST_ID + +Certificates for direct downloads synchronization task +~~ + +Certificates are uploaded to the running hosts in a zone at a certain moment. However, the number of running hosts may change and new hosts added to the zone may not include the certificate uploaded to the rest of the hosts. Review comment: ```suggestion As new hosts may be added to a zone which do not include a certificate which was previously uploaded to pre-existing hosts. ``` This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [cloudstack-documentation] PaulAngus commented on a change in pull request #54: KVM direct downloads
PaulAngus commented on a change in pull request #54: KVM direct downloads URL: https://github.com/apache/cloudstack-documentation/pull/54#discussion_r305983469 ## File path: source/adminguide/templates/_bypass-secondary-storage-kvm.rst ## @@ -0,0 +1,90 @@ +.. Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information# + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + + +.. _bypass-secondary-storage-kvm: + +Bypassing Secondary Storage on KVM templates + + +CloudStack provides an optional way to register and use templates on KVM. + +Instead of registering a template and use secondary storage as cache, it is possible to bypass secondary storage on KVM templates registration. At deployment time, the template is downloaded directly to primary storage avoiding the copy from secondary storage. + +Supported protocols: HTTP/HTTPS, NFS and metalinks. The protocol is obtained from the template URL. + +To enable this option for a template: + +#. In the left navigation bar, click Templates. + +#. Click Register Template. + +#. Select KVM as hypervisor: + + |kvm-direct-download.png| + + - **Direct Download**. It will be shown in the UI when KVM is selected as hypervisor. Choose Yes for enabling the bypassing secondary storage option. + + - **Checksum**. Optional field. If this field is populated, the checksum is compared to the downloaded template checksum when the template is downloaded to primary storage at deployment time. + +After the template is registered, it is automatically available for VM deployments. + +Uploading certificates for direct downloads +~~~ +For HTTPS direct downloads, the KVM hosts on a zone should need certificates. + +CloudStack provides some APIs to handle certificates for direct downloads: + +- Upload a certificate to hosts in 'Up' state in a zone with id = ZONE_ID: + + .. code:: bash + + upload templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID certificate=CERTIFICATE_FORMATTED + + where: + - CERTIFICATE_FORMATTED is the string format of a X509 certificate + - CERTIFICATE_ALIAS is the alias which will be used to import the certificate on each KVM host + + **Note:**. These certificates are imported into the /etc/cloudstack/agent/cloud.jks keystore on each KVM host. + +- Revoke a certificate from every host in 'Up' state in a zone with id = ZONE_ID: + + .. code:: bash + + revoke templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID + +- It is also possible to revoke a certificate from a specific host within a zone: + + .. code:: bash + + revoke templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID hostid=HOST_ID + +- After a certificate is revoked from a host within a zone, it can be re-uploaded to the host: + + .. code:: bash + + upload templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID certificate=CERTIFICATE_FORMATTED hostid=HOST_ID + +Certificates for direct downloads synchronization task +~~ + +Certificates are uploaded to the running hosts in a zone at a certain moment. However, the number of running hosts may change and new hosts added to the zone may not include the certificate uploaded to the rest of the hosts. + +CloudStack provides a way to synchronize certificates across all the running hosts on each zone. The global setting 'direct.download.certificate.background.task.interval' defines the interval in which the synchronization task will run. This task will: + +- Iterate through each enabled zone +- Get the running hosts in a zone Review comment: ```suggestion - Enumerate the connected hosts in a zone ``` This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [cloudstack-documentation] PaulAngus commented on a change in pull request #54: KVM direct downloads
PaulAngus commented on a change in pull request #54: KVM direct downloads URL: https://github.com/apache/cloudstack-documentation/pull/54#discussion_r305983296 ## File path: source/adminguide/templates/_bypass-secondary-storage-kvm.rst ## @@ -0,0 +1,90 @@ +.. Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information# + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + + +.. _bypass-secondary-storage-kvm: + +Bypassing Secondary Storage on KVM templates + + +CloudStack provides an optional way to register and use templates on KVM. + +Instead of registering a template and use secondary storage as cache, it is possible to bypass secondary storage on KVM templates registration. At deployment time, the template is downloaded directly to primary storage avoiding the copy from secondary storage. + +Supported protocols: HTTP/HTTPS, NFS and metalinks. The protocol is obtained from the template URL. + +To enable this option for a template: + +#. In the left navigation bar, click Templates. + +#. Click Register Template. + +#. Select KVM as hypervisor: + + |kvm-direct-download.png| + + - **Direct Download**. It will be shown in the UI when KVM is selected as hypervisor. Choose Yes for enabling the bypassing secondary storage option. + + - **Checksum**. Optional field. If this field is populated, the checksum is compared to the downloaded template checksum when the template is downloaded to primary storage at deployment time. + +After the template is registered, it is automatically available for VM deployments. + +Uploading certificates for direct downloads +~~~ +For HTTPS direct downloads, the KVM hosts on a zone should need certificates. + +CloudStack provides some APIs to handle certificates for direct downloads: + +- Upload a certificate to hosts in 'Up' state in a zone with id = ZONE_ID: + + .. code:: bash + + upload templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID certificate=CERTIFICATE_FORMATTED + + where: + - CERTIFICATE_FORMATTED is the string format of a X509 certificate + - CERTIFICATE_ALIAS is the alias which will be used to import the certificate on each KVM host + + **Note:**. These certificates are imported into the /etc/cloudstack/agent/cloud.jks keystore on each KVM host. + +- Revoke a certificate from every host in 'Up' state in a zone with id = ZONE_ID: + + .. code:: bash + + revoke templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID + +- It is also possible to revoke a certificate from a specific host within a zone: + + .. code:: bash + + revoke templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID hostid=HOST_ID + +- After a certificate is revoked from a host within a zone, it can be re-uploaded to the host: + + .. code:: bash + + upload templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID certificate=CERTIFICATE_FORMATTED hostid=HOST_ID + +Certificates for direct downloads synchronization task +~~ + +Certificates are uploaded to the running hosts in a zone at a certain moment. However, the number of running hosts may change and new hosts added to the zone may not include the certificate uploaded to the rest of the hosts. + +CloudStack provides a way to synchronize certificates across all the running hosts on each zone. The global setting 'direct.download.certificate.background.task.interval' defines the interval in which the synchronization task will run. This task will: Review comment: ```suggestion CloudStack provides a way to synchronize certificates across all the connected hosts in each zone. The global setting 'direct.download.certificate.background.task.interval' defines the interval in which the synchronization task will run. This task will: ``` This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please
[GitHub] [cloudstack-documentation] PaulAngus commented on a change in pull request #54: KVM direct downloads
PaulAngus commented on a change in pull request #54: KVM direct downloads URL: https://github.com/apache/cloudstack-documentation/pull/54#discussion_r305977050 ## File path: source/adminguide/templates/_bypass-secondary-storage-kvm.rst ## @@ -0,0 +1,90 @@ +.. Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information# + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + + +.. _bypass-secondary-storage-kvm: + +Bypassing Secondary Storage on KVM templates + + +CloudStack provides an optional way to register and use templates on KVM. + +Instead of registering a template and use secondary storage as cache, it is possible to bypass secondary storage on KVM templates registration. At deployment time, the template is downloaded directly to primary storage avoiding the copy from secondary storage. Review comment: ```suggestion Instead of registering a template and storing it on secondary storage, the user can opt to skip downloading the template to secondary storage for KVM at template registration. At deployment time, the template is downloaded directly to primary storage from the registered source, instead of being copied from secondary storage. ``` This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [cloudstack-documentation] PaulAngus commented on a change in pull request #54: KVM direct downloads
PaulAngus commented on a change in pull request #54: KVM direct downloads URL: https://github.com/apache/cloudstack-documentation/pull/54#discussion_r305979808 ## File path: source/adminguide/templates/_bypass-secondary-storage-kvm.rst ## @@ -0,0 +1,90 @@ +.. Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information# + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + + +.. _bypass-secondary-storage-kvm: + +Bypassing Secondary Storage on KVM templates + + +CloudStack provides an optional way to register and use templates on KVM. + +Instead of registering a template and use secondary storage as cache, it is possible to bypass secondary storage on KVM templates registration. At deployment time, the template is downloaded directly to primary storage avoiding the copy from secondary storage. + +Supported protocols: HTTP/HTTPS, NFS and metalinks. The protocol is obtained from the template URL. + +To enable this option for a template: + +#. In the left navigation bar, click Templates. + +#. Click Register Template. + +#. Select KVM as hypervisor: + + |kvm-direct-download.png| + + - **Direct Download**. It will be shown in the UI when KVM is selected as hypervisor. Choose Yes for enabling the bypassing secondary storage option. + + - **Checksum**. Optional field. If this field is populated, the checksum is compared to the downloaded template checksum when the template is downloaded to primary storage at deployment time. + +After the template is registered, it is automatically available for VM deployments. + +Uploading certificates for direct downloads +~~~ +For HTTPS direct downloads, the KVM hosts on a zone should need certificates. + +CloudStack provides some APIs to handle certificates for direct downloads: + +- Upload a certificate to hosts in 'Up' state in a zone with id = ZONE_ID: + + .. code:: bash + + upload templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID certificate=CERTIFICATE_FORMATTED + + where: + - CERTIFICATE_FORMATTED is the string format of a X509 certificate + - CERTIFICATE_ALIAS is the alias which will be used to import the certificate on each KVM host + + **Note:**. These certificates are imported into the /etc/cloudstack/agent/cloud.jks keystore on each KVM host. + +- Revoke a certificate from every host in 'Up' state in a zone with id = ZONE_ID: + + .. code:: bash + + revoke templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID + +- It is also possible to revoke a certificate from a specific host within a zone: + + .. code:: bash + + revoke templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID hostid=HOST_ID + +- After a certificate is revoked from a host within a zone, it can be re-uploaded to the host: + + .. code:: bash + + upload templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID certificate=CERTIFICATE_FORMATTED hostid=HOST_ID + +Certificates for direct downloads synchronization task Review comment: ```suggestion Syncronising Certificates for Direct Downloads ``` This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [cloudstack-documentation] PaulAngus commented on a change in pull request #54: KVM direct downloads
PaulAngus commented on a change in pull request #54: KVM direct downloads URL: https://github.com/apache/cloudstack-documentation/pull/54#discussion_r305977869 ## File path: source/adminguide/templates/_bypass-secondary-storage-kvm.rst ## @@ -0,0 +1,90 @@ +.. Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information# + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + + +.. _bypass-secondary-storage-kvm: + +Bypassing Secondary Storage on KVM templates + + +CloudStack provides an optional way to register and use templates on KVM. + +Instead of registering a template and use secondary storage as cache, it is possible to bypass secondary storage on KVM templates registration. At deployment time, the template is downloaded directly to primary storage avoiding the copy from secondary storage. + +Supported protocols: HTTP/HTTPS, NFS and metalinks. The protocol is obtained from the template URL. + +To enable this option for a template: + +#. In the left navigation bar, click Templates. + +#. Click Register Template. + +#. Select KVM as hypervisor: + + |kvm-direct-download.png| + + - **Direct Download**. It will be shown in the UI when KVM is selected as hypervisor. Choose Yes for enabling the bypassing secondary storage option. + + - **Checksum**. Optional field. If this field is populated, the checksum is compared to the downloaded template checksum when the template is downloaded to primary storage at deployment time. + +After the template is registered, it is automatically available for VM deployments. + +Uploading certificates for direct downloads Review comment: ```suggestion Uploading Certificates for Direct Downloads ``` This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [cloudstack-documentation] PaulAngus commented on a change in pull request #54: KVM direct downloads
PaulAngus commented on a change in pull request #54: KVM direct downloads URL: https://github.com/apache/cloudstack-documentation/pull/54#discussion_r305977670 ## File path: source/adminguide/templates/_bypass-secondary-storage-kvm.rst ## @@ -0,0 +1,90 @@ +.. Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information# + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + + +.. _bypass-secondary-storage-kvm: + +Bypassing Secondary Storage on KVM templates + + +CloudStack provides an optional way to register and use templates on KVM. + +Instead of registering a template and use secondary storage as cache, it is possible to bypass secondary storage on KVM templates registration. At deployment time, the template is downloaded directly to primary storage avoiding the copy from secondary storage. + +Supported protocols: HTTP/HTTPS, NFS and metalinks. The protocol is obtained from the template URL. + +To enable this option for a template: + +#. In the left navigation bar, click Templates. + +#. Click Register Template. + +#. Select KVM as hypervisor: + + |kvm-direct-download.png| + + - **Direct Download**. It will be shown in the UI when KVM is selected as hypervisor. Choose Yes for enabling the bypassing secondary storage option. Review comment: ```suggestion - **Direct Download**. This option will be shown in the UI when KVM is selected as the hypervisor. Choose Yes to enable the bypassing secondary storage option. ``` This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [cloudstack-documentation] PaulAngus commented on a change in pull request #54: KVM direct downloads
PaulAngus commented on a change in pull request #54: KVM direct downloads URL: https://github.com/apache/cloudstack-documentation/pull/54#discussion_r305975252 ## File path: source/adminguide/templates/_bypass-secondary-storage-kvm.rst ## @@ -0,0 +1,90 @@ +.. Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information# + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + + +.. _bypass-secondary-storage-kvm: + +Bypassing Secondary Storage on KVM templates Review comment: ```suggestion Bypassing Secondary Storage For KVM templates ``` This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [cloudstack-documentation] PaulAngus commented on a change in pull request #54: KVM direct downloads
PaulAngus commented on a change in pull request #54: KVM direct downloads URL: https://github.com/apache/cloudstack-documentation/pull/54#discussion_r305978948 ## File path: source/adminguide/templates/_bypass-secondary-storage-kvm.rst ## @@ -0,0 +1,90 @@ +.. Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information# + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + + +.. _bypass-secondary-storage-kvm: + +Bypassing Secondary Storage on KVM templates + + +CloudStack provides an optional way to register and use templates on KVM. + +Instead of registering a template and use secondary storage as cache, it is possible to bypass secondary storage on KVM templates registration. At deployment time, the template is downloaded directly to primary storage avoiding the copy from secondary storage. + +Supported protocols: HTTP/HTTPS, NFS and metalinks. The protocol is obtained from the template URL. + +To enable this option for a template: + +#. In the left navigation bar, click Templates. + +#. Click Register Template. + +#. Select KVM as hypervisor: + + |kvm-direct-download.png| + + - **Direct Download**. It will be shown in the UI when KVM is selected as hypervisor. Choose Yes for enabling the bypassing secondary storage option. + + - **Checksum**. Optional field. If this field is populated, the checksum is compared to the downloaded template checksum when the template is downloaded to primary storage at deployment time. + +After the template is registered, it is automatically available for VM deployments. + +Uploading certificates for direct downloads +~~~ +For HTTPS direct downloads, the KVM hosts on a zone should need certificates. Review comment: ```suggestion For direct downloads over HTTPS, the KVM hosts must have valid certificates. ``` ALSO - what must these be? will self-signed work? This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [cloudstack-documentation] PaulAngus commented on a change in pull request #54: KVM direct downloads
PaulAngus commented on a change in pull request #54: KVM direct downloads URL: https://github.com/apache/cloudstack-documentation/pull/54#discussion_r305975480 ## File path: source/adminguide/templates/_bypass-secondary-storage-kvm.rst ## @@ -0,0 +1,90 @@ +.. Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information# + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + + +.. _bypass-secondary-storage-kvm: + +Bypassing Secondary Storage on KVM templates + + +CloudStack provides an optional way to register and use templates on KVM. Review comment: ```suggestion CloudStack provides an additional way to register and use templates on KVM. ``` This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [cloudstack-documentation] PaulAngus commented on a change in pull request #54: KVM direct downloads
PaulAngus commented on a change in pull request #54: KVM direct downloads URL: https://github.com/apache/cloudstack-documentation/pull/54#discussion_r305983899 ## File path: source/adminguide/templates/_bypass-secondary-storage-kvm.rst ## @@ -0,0 +1,90 @@ +.. Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information# + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + + +.. _bypass-secondary-storage-kvm: + +Bypassing Secondary Storage on KVM templates + + +CloudStack provides an optional way to register and use templates on KVM. + +Instead of registering a template and use secondary storage as cache, it is possible to bypass secondary storage on KVM templates registration. At deployment time, the template is downloaded directly to primary storage avoiding the copy from secondary storage. + +Supported protocols: HTTP/HTTPS, NFS and metalinks. The protocol is obtained from the template URL. + +To enable this option for a template: + +#. In the left navigation bar, click Templates. + +#. Click Register Template. + +#. Select KVM as hypervisor: + + |kvm-direct-download.png| + + - **Direct Download**. It will be shown in the UI when KVM is selected as hypervisor. Choose Yes for enabling the bypassing secondary storage option. + + - **Checksum**. Optional field. If this field is populated, the checksum is compared to the downloaded template checksum when the template is downloaded to primary storage at deployment time. + +After the template is registered, it is automatically available for VM deployments. + +Uploading certificates for direct downloads +~~~ +For HTTPS direct downloads, the KVM hosts on a zone should need certificates. + +CloudStack provides some APIs to handle certificates for direct downloads: + +- Upload a certificate to hosts in 'Up' state in a zone with id = ZONE_ID: + + .. code:: bash + + upload templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID certificate=CERTIFICATE_FORMATTED + + where: + - CERTIFICATE_FORMATTED is the string format of a X509 certificate + - CERTIFICATE_ALIAS is the alias which will be used to import the certificate on each KVM host + + **Note:**. These certificates are imported into the /etc/cloudstack/agent/cloud.jks keystore on each KVM host. + +- Revoke a certificate from every host in 'Up' state in a zone with id = ZONE_ID: + + .. code:: bash + + revoke templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID + +- It is also possible to revoke a certificate from a specific host within a zone: + + .. code:: bash + + revoke templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID hostid=HOST_ID + +- After a certificate is revoked from a host within a zone, it can be re-uploaded to the host: + + .. code:: bash + + upload templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID certificate=CERTIFICATE_FORMATTED hostid=HOST_ID + +Certificates for direct downloads synchronization task +~~ + +Certificates are uploaded to the running hosts in a zone at a certain moment. However, the number of running hosts may change and new hosts added to the zone may not include the certificate uploaded to the rest of the hosts. + +CloudStack provides a way to synchronize certificates across all the running hosts on each zone. The global setting 'direct.download.certificate.background.task.interval' defines the interval in which the synchronization task will run. This task will: + +- Iterate through each enabled zone +- Get the running hosts in a zone +- Check which hosts need the certificates which have been already uploaded to other hosts Review comment: ```suggestion - Check which hosts are missing the certificates which have been already uploaded to other hosts ``` This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service,
[GitHub] [cloudstack-documentation] nvazquez commented on issue #54: KVM direct downloads
nvazquez commented on issue #54: KVM direct downloads URL: https://github.com/apache/cloudstack-documentation/pull/54#issuecomment-513870570 Ping @rhtyd @borisstoyanov @PaulAngus @anuragaw @shwstppr can you please review? This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [cloudstack-documentation] PaulAngus merged pull request #55: Network offering scopes
PaulAngus merged pull request #55: Network offering scopes URL: https://github.com/apache/cloudstack-documentation/pull/55 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [cloudstack-documentation] andrijapanicsb commented on issue #55: Network offering scopes
andrijapanicsb commented on issue #55: Network offering scopes URL: https://github.com/apache/cloudstack-documentation/pull/55#issuecomment-513816463 LGTM This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
Re: [ANNOUNCE] Nathan Johnson has joined the PMC
Congratulations Nathan! On Fri, Jul 19, 2019, 5:59 PM Paul Angus wrote: > Fellow CloudStackers, > > > > It gives me great pleasure to say that Nathan has been invited to join the > PMC and has gracefully accepted. > > > Please join me in congratulating Nathan! > > > > > Kind regards, > > > > Paul Angus > > CloudStack PMC >
Re: [ANNOUNCE] Nathan Johnson has joined the PMC
Congratulations, Nathan! From: Paul Angus Sent: 19 July 2019 16:58 To: dev@cloudstack.apache.org ; us...@cloudstack.apache.org ; priv...@cloudstack.apache.org Subject: [ANNOUNCE] Nathan Johnson has joined the PMC Fellow CloudStackers, It gives me great pleasure to say that Nathan has been invited to join the PMC and has gracefully accepted. Please join me in congratulating Nathan! Kind regards, Paul Angus CloudStack PMC
Re: CloudStack Kubernetes Provider
Hi Rohit, Three questions: 1. Would you be ok with one large PR from our Github repo? Since Git does not permit merging unrelated branches, I'd need to figure out a way to preserve history first. The alternative would be several PRs containing individual aspects of the code. 2. How should authorship information be handled? Do I need to collect a list of contributors for those parts that were taken from the old cloud provider? On the SWISS TXT side, only @joschi36 and myself contributed code. Should there be an AUTHORS file? 3. How should contributions be handled? Exclusively via PRs or would you give commit rights to @joschi36 and me? I'm unfamiliar with the development process in Apache projects, so links to relevant documentation would also be helpful. Regards, Gregor From: Rohit Yadav Sent: 21 July 2019 17:04 To: priv...@cloudstack.apache.org ; dev@cloudstack.apache.org ; us...@cloudstack.apache.org Subject: Re: CloudStack Kubernetes Provider Hi Gregor, The repository is up now to receive contributions: https://github.com/apache/cloudstack-kubernetes-provider PMCs - ping, any thoughts on contributions? Can Gregor or any interested parties simply send a pull request based on the old provider codebase that is under Apache License v2.0 (https://github.com/kubernetes/kubernetes/tree/release-1.15/pkg/cloudprovider/providers/cloudstack)? Regards, Rohit Yadav Software Architect, ShapeBlue https://www.shapeblue.com From: Riepl, Gregor (SWISS TXT) Sent: Thursday, July 11, 2019 3:15:12 PM To: priv...@cloudstack.apache.org ; dev@cloudstack.apache.org Cc: us...@cloudstack.apache.org Subject: Re: CloudStack Kubernetes Provider Hi Rohit, > One of the community contributors from SwissTxt Gregor Riepl > (@onitake) have also offered to contribute their provider (which is > already under the Apache v2.0 license) which they have based on the > original provider: > https://github.com/kubernetes/enhancements/issues/672#issuecomment-510353660 This CCM is actually based on the old code in > https://github.com/kubernetes/kubernetes/tree/release-1.15/pkg/cloudprovider/providers/cloudstack We removed some stuff that is not relevant for a standalone controller and added a few patches that were not accepted upstream due to the deprecation. There's still some open issues, if you look at the tracker at https://github.com/swisstxt/cloudstack-cloud-controller-manager/issues Issue #9 in particular needs fixing, or the controller will be a bit difficult to deploy in a generic k8s environment. > PMCs - If Gregor wants to donate their changes based on the > old/original provider to CloudStack, is there a formal donation > process that he/swisstxt needs to be used or a simple pull request > can be sent? We're open to any suggestions. You can also simply fork the Github repo and start from there. ☺ Regards, Gregor rohit.ya...@shapeblue.com www.shapeblue.com Amadeus House, Floral Street, London WC2E 9DPUK @shapeblue
Re: CloudStack Kubernetes Provider
I am fine with it... On Sun, Jul 21, 2019, 11:04 AM Rohit Yadav wrote: > Hi Gregor, > > > The repository is up now to receive contributions: > > https://github.com/apache/cloudstack-kubernetes-provider > > > PMCs - ping, any thoughts on contributions? Can Gregor or any interested > parties simply send a pull request based on the old provider codebase that > is under Apache License v2.0 ( > https://github.com/kubernetes/kubernetes/tree/release-1.15/pkg/cloudprovider/providers/cloudstack > )? > > > Regards, > > Rohit Yadav > > Software Architect, ShapeBlue > > https://www.shapeblue.com > > > From: Riepl, Gregor (SWISS TXT) > Sent: Thursday, July 11, 2019 3:15:12 PM > To: priv...@cloudstack.apache.org ; > dev@cloudstack.apache.org > Cc: us...@cloudstack.apache.org > Subject: Re: CloudStack Kubernetes Provider > > Hi Rohit, > > > One of the community contributors from SwissTxt Gregor Riepl > > (@onitake) have also offered to contribute their provider (which is > > already under the Apache v2.0 license) which they have based on the > > original provider: > > > https://github.com/kubernetes/enhancements/issues/672#issuecomment-510353660 > > This CCM is actually based on the old code in > > > > https://github.com/kubernetes/kubernetes/tree/release-1.15/pkg/cloudprovider/providers/cloudstack > > We removed some stuff that is not relevant for a standalone controller > and added a few patches that were not accepted upstream due to the > deprecation. > > There's still some open issues, if you look at the tracker at > https://github.com/swisstxt/cloudstack-cloud-controller-manager/issues > > Issue #9 in particular needs fixing, or the controller will be a bit > difficult to deploy in a generic k8s environment. > > > PMCs - If Gregor wants to donate their changes based on the > > old/original provider to CloudStack, is there a formal donation > > process that he/swisstxt needs to be used or a simple pull request > > can be sent? > > We're open to any suggestions. > You can also simply fork the Github repo and start from there. ☺ > > Regards, > Gregor > > rohit.ya...@shapeblue.com > www.shapeblue.com > Amadeus House, Floral Street, London WC2E 9DPUK > @shapeblue > > > >
