Hi,

On our cloud, we made it work, but it's a bit of a hack. The end result is that the "source" line in the image template details in the sunstone image tab is a click-able link.

here you can see a screenshot:
https://www.cloud.sara.nl/projects/hpc-cloud-documentation/wiki/Downloading_Images


A first attempt to use "send_file()" in ruby did not work since there is a problem with the "Thin" library that sinatra (sunstone) is using. Thin will always load the entire file into memory before sending it out. Not what you want. (Yes, you can set params on send_file, but apparantly, the Thin layer keeps buffering the whole file.)

So we went back to basics and made it a simple html file download link:
(The following works om 3.2.1, haven't tried it with 3.4)


1. Add a "get path" to /usr/lib/one/sunstone/sunstone-server.rb

I put this just above the "Monitoring" comment:

get '/download/var/lib/one/images/:filename' do |filename|
    redirect "http://ui.calligo.sara.nl/yourimagesdirectory/"+filename
end


2. Serve the "images" directory

You have to make sure that the /var/lib/one/images direcory is served by a webserver (apache, lighthttps, whatever) on http://<hostname>/yourimagesdirectory/<filename>.
(Of course you can change this location.)

Again, we'd very much prefer to do this with the send_file in ruby, but the problem with the buffering makes this impossible.

Since we are using the lighthttpd proxy for sunstone, we just added a symbolic link to the opennebula image directory to the documentroot. (If you're using the proxy, you'll need to exempt that directory.)


3. Adapt the sunstone plugin

Look for

<td class="value_td">'+(typeof img_info.SOURCE === "string" ? img_info.SOURCE : "--")+'</td>\

And change it to

<td class="value_td">\
  <a href="/download' + img_info.SOURCE + '">'
  +(typeof img_info.SOURCE === "string" ? img_info.SOURCE : "--")
  +'</a></td>\


Now just go to the image tab in sunstone, select an image, look for the source line tin the image template and click on it do download it.


4. Security

Do note that this means you have a publicly browse-able directory with all you images!

However there is some security due to the naming of the image files: a brute force attack would be required to find a UID that matches with an existing image name.

Make sure the directory shows no directory listing, of course, or someone could just wget the entire directory!

Again, definitely not a 100% safe solution and the moment the Thin problem with send_file gets resolved, or sunstone moves to another library, we'll change this. but for the moment, it actually works rather nicely.

Hope this can inspire you to crate a better solution. :)

Wkr,

Jhon
_______________________________________________
Users mailing list
[email protected]
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

Reply via email to