No problem, I think these docs do not clearly state the supported storage providers, I will fix that. On this blog entry we have mentioned them: https://www.shapeblue.com/cloudstack-feature-first-look-direct-download-agnostic-of-the-storage-provider/
Currently the direct download feature is supported on NFS, local storage and shared mount point, but not for Ceph. Regards, Nicolas Vazquez From: Will Conrad <wcon...@hivelocity.net.INVALID> Date: Wednesday, 14 June 2023 at 10:58 To: users@cloudstack.apache.org <users@cloudstack.apache.org> Subject: Re: Direct Download/Bypass Secondary Storage option for templates Nicolas, I feel silly for not having read that documentation all the way through. Thank you for your assistance. I have another question, now. Since we've been working with this we have been trying various methods of testing directdownload templates. Since we were having problems with HTTPS, we tested HTTP. We have run into a problem where the template fails to download if the guest is using ceph storage. When we change to creating the VM on "local" storage, the template download succeeds and the VM creates successfully. Are there any insights you can provide here? Is there more documentation I may have missed? On Wed, Jun 14, 2023 at 9:39 AM Nicolas Vazquez < nicolas.vazq...@shapeblue.com> wrote: > Thanks Will, > > Currently it is only possible to upload the certificate via API but not > from the UI, please find it documented here: > https://docs.cloudstack.apache.org/en/latest/adminguide/templates.html#bypassing-secondary-storage-for-kvm-templates > . > > In your case as the template is stored on Github you may want to upload a > Github certificate to the hosts for the download to be trusted > > Regards, > Nicolas Vazquez > > > From: Will Conrad <wcon...@hivelocity.net.INVALID> > Date: Wednesday, 14 June 2023 at 10:06 > To: users@cloudstack.apache.org <users@cloudstack.apache.org> > Subject: Re: Direct Download/Bypass Secondary Storage option for templates > Hi Wei and Nicolas, > > Thank you for you responses. > > Wei, > > I checked the host, and confirmed that yes the ca-certificates package is > installed and latest. > "root@lax2-cs-hv01:~# apt list ca-certificates -a > > Listing... Done > > ca-certificates/jammy-updates,jammy-security,now 20230311ubuntu0.22.04.1 > all [installed,automatic] > > ca-certificates/jammy 20211016 all > > > > Nicolas, > > "Have you tried uploading the required certificate for the https download > via the uploadTemplateDirectDownloadCertificate API?" > > No I have not. I was unaware of the need to do this. Is there documentation > I may have missed? What certificate is supposed to be uploaded and how is > it used? > > Regards, > > Willard > > On Tue, Jun 13, 2023 at 10:01 PM Nicolas Vazquez < > nicolas.vazq...@shapeblue.com> wrote: > > > Hi Will, > > > > Have you tried uploading the required certificate for the https download > > via the uploadTemplateDirectDownloadCertificate API? > > > > Regards, > > Nicolas Vazquez > > > > > > From: Wei ZHOU <ustcweiz...@gmail.com> > > Date: Tuesday, 13 June 2023 at 20:01 > > To: users@cloudstack.apache.org <users@cloudstack.apache.org> > > Subject: Re: Direct Download/Bypass Secondary Storage option for > templates > > Hi Will, > > > > What hypervisor do you use ? Have you installed ca-crrtificates package? > > > > -Wei > > > > On Tuesday, 13 June 2023, Will Conrad <wcon...@hivelocity.net.invalid> > > wrote: > > > > > Hello again, Community! > > > > > > We're trying to make use of DirectDownload templates which makes use of > > the > > > "Bypass Secondary Storage" feature, but we seem to be having issues > with > > > this functionality. > > > > > > After setting up a new template with "Direct Download" turned on and an > > > HTTPS URL our template file won't download. The download source is a > file > > > stored in github. This is what we see in the logs: > > > > > > Jun 13 16:12:07 lax2-cs-hv01 java[26054]: WARN > > > [kvm.storage.KVMStorageProcessor] (agentRequest-Handler-5:) > > > (logid:7b08521c) Error downloading template 209 due to: Error on HTTPS > > > request: PKIX path building failed: > > > sun.security.provider.certpath.SunCertPathBuilderException: unable to > > > find valid certification path to requested target > > > Jun 13 16:12:07 lax2-cs-hv01 java[26054]: INFO > > > [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-1:) > > > (logid:7b08521c) Trying to fetch storage pool > > > 3b59a095-9e71-3e97-92a8-56aa3f931a5e from libvirt > > > Jun 13 16:12:07 lax2-cs-hv01 java[26054]: WARN > > > [kvm.storage.KVMStorageProcessor] (agentRequest-Handler-1:) > > > (logid:7b08521c) Error downloading template 209 due to: Error on HTTPS > > > request: PKIX path building failed: > > > sun.security.provider.certpath.SunCertPathBuilderException: unable to > > > find valid certification path to requested target > > > Jun 13 16:12:07 lax2-cs-hv01 java[26054]: INFO > > > [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-4:) > > > (logid:78a6fa93) Trying to fetch storage pool > > > 3b59a095-9e71-3e97-92a8-56aa3f931a5e from libvirt > > > Jun 13 16:12:07 lax2-cs-hv01 java[26054]: INFO > > > [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-4:) > > > (logid:78a6fa93) Asking libvirt to refresh storage pool > > > 3b59a095-9e71-3e97-92a8-56aa3f931a5e > > > Jun 13 16:12:07 lax2-cs-hv01 java[26054]: INFO > > > [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-2:) > > > (logid:7b08521c) Trying to fetch storage pool > > > 3b59a095-9e71-3e97-92a8-56aa3f931a5e from libvirt > > > Jun 13 16:12:08 lax2-cs-hv01 java[26054]: INFO > > > [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-3:) > > > (logid:78a6fa93) Trying to fetch storage pool > > > eb9f16ef-3ba3-4c50-9e64-807b6f2c8994 from libvirt > > > Jun 13 16:12:08 lax2-cs-hv01 java[26054]: INFO > > > [kvm.storage.LibvirtStorageAdaptor] (agentRequest-Handler-3:) > > > (logid:78a6fa93) Asking libvirt to refresh storage pool > > > eb9f16ef-3ba3-4c50-9e64-807b6f2c8994 > > > Jun 13 16:12:08 lax2-cs-hv01 java[26054]: WARN > > > [kvm.storage.KVMStorageProcessor] (agentRequest-Handler-2:) > > > (logid:7b08521c) Error downloading template 209 due to: Error on HTTPS > > > request: PKIX path building failed: > > > sun.security.provider.certpath.SunCertPathBuilderException: unable to > > > find valid certification path to requested target > > > > > > We've been through this documentation: > > > https://docs.cloudstack.apache.org/en/latest/adminguide/hosts.html#< > > https://docs.cloudstack.apache.org/en/latest/adminguide/hosts.html><<https://docs.cloudstack.apache.org/en/latest/adminguide/hosts.html%3e%3c> > https://docs.cloudstack.apache.org/en/latest/adminguide/hosts.html%3e><https://docs.cloudstack.apache.org/en/latest/adminguide/hosts.html%3e%3e> > > > securing-process > > > > > > but everything seems to be in order, on our side. Any insights here? > > > Happy to provide any logs or configuration information to assist. > > > > > > Regards, > > > > > > Willard Conrad > > > > > > DevOps Engineer > > > > > > Hivelocity, LLC > > > > > > > > > > > > > > >
