Posted to commits@cloudstack.apache.org by da...@apache.org on 2022/08/02 06:47:03 UTC

[cloudstack] branch main updated: externalizes used protocol to upload isos, volumes and templates (#6506)

This is an automated email from the ASF dual-hosted git repository.

dahn pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cloudstack.git


The following commit(s) were added to refs/heads/main by this push:
     new ac2857158d externalizes used protocol to upload isos, volumes and templates (#6506)
ac2857158d is described below

commit ac2857158d8b00218cfe5217976e138b469096ad
Author: Rodrigo D. Lopez <19...@users.noreply.github.com>
AuthorDate: Tue Aug 2 03:46:55 2022 -0300

    externalizes used protocol to upload isos, volumes and templates (#6506)
    
    Co-authored-by: Lopez <ro...@scclouds.com.br>
---
 .../java/com/cloud/storage/VolumeApiService.java   |  8 +++++
 .../com/cloud/storage/VolumeApiServiceImpl.java    |  5 +--
 .../com/cloud/template/TemplateManagerImpl.java    |  4 ++-
 .../SecondaryStorageManagerImpl.java               |  5 +++
 systemvm/debian/etc/apache2/vhost.template         |  7 ++--
 systemvm/debian/opt/cloud/bin/setup/common.sh      |  3 ++
 systemvm/debian/opt/cloud/bin/setup/secstorage.sh  | 22 ++++++++++--
 .../utils/imagestore/ImageStoreUtil.java           |  4 +--
 .../utils/imagestore/ImageStoreUtilTest.java       | 39 +++++++++++++++++-----
 9 files changed, 80 insertions(+), 17 deletions(-)

diff --git a/api/src/main/java/com/cloud/storage/VolumeApiService.java b/api/src/main/java/com/cloud/storage/VolumeApiService.java
index 84559e66a9..3d37c2ec4f 100644
--- a/api/src/main/java/com/cloud/storage/VolumeApiService.java
+++ b/api/src/main/java/com/cloud/storage/VolumeApiService.java
@@ -46,6 +46,14 @@ public interface VolumeApiService {
             , true // not sure if this is to be dynamic
             , ConfigKey.Scope.Global);
 
+    ConfigKey<Boolean> UseHttpsToUpload = new ConfigKey<Boolean>("Advanced",
+            Boolean.class,
+            "use.https.to.upload",
+            "true",
+            "Determines the protocol (HTTPS or HTTP) ACS will use to generate links to upload ISOs, volumes, and templates. When set as 'true', ACS will use protocol HTTPS, otherwise, it will use protocol HTTP. Default value is 'true'.",
+            true,
+            ConfigKey.Scope.StoragePool);
+
     /**
      * Creates the database object for a volume based on the given criteria
      *
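Review bot: `UseHttpsToUpload` is declared with `ConfigKey.Scope.StoragePool`, yet every read added in this commit calls the no-argument `value()` (VolumeApiServiceImpl, TemplateManagerImpl, SecondaryStorageManagerImpl), so a per-pool override would presumably never be consulted. `ConfigKey.Scope.Global`, or `ConfigKey.Scope.Zone` read through `valueIn(zoneId)`, looks closer to how the key is actually used. The description string also does not say what turning the key off costs; consider appending `When 'false', uploaded content and the signed upload headers are sent unencrypted.` so operators see the trade-off where they change the setting.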
diff --git a/server/src/main/java/com/cloud/storage/VolumeApiServiceImpl.java b/server/src/main/java/com/cloud/storage/VolumeApiServiceImpl.java
index e6726f6977..ea10043e41 100644
--- a/server/src/main/java/com/cloud/storage/VolumeApiServiceImpl.java
+++ b/server/src/main/java/com/cloud/storage/VolumeApiServiceImpl.java
@@ -429,8 +429,9 @@ public class VolumeApiServiceImpl extends ManagerBase implements VolumeApiServic
                 GetUploadParamsResponse response = new GetUploadParamsResponse();
 
                 String ssvmUrlDomain = _configDao.getValue(Config.SecStorageSecureCopyCert.key());
+                String protocol = UseHttpsToUpload.value() ? "https" : "http";
 
-                String url = ImageStoreUtil.generatePostUploadUrl(ssvmUrlDomain, ep.getPublicAddr(), vol.getUuid());
+                String url = ImageStoreUtil.generatePostUploadUrl(ssvmUrlDomain, ep.getPublicAddr(), vol.getUuid(),  protocol);
                 response.setPostURL(new URL(url));
 
                 // set the post url, this is used in the monitoring thread to determine the SSVM
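Review bot: `UseHttpsToUpload.value() ? "https" : "http"` auto-unboxes the `Boolean`, while the SecondaryStorageManagerImpl hunk of this same commit wraps the same read in `BooleanUtils.toBooleanDefaultIfNull(..., true)`. If `value()` can return null, as that guard implies, this line throws a NullPointerException instead of falling back to HTTPS. Use the same guard here, `String protocol = BooleanUtils.toBooleanDefaultIfNull(UseHttpsToUpload.value(), true) ? "https" : "http";`, and on the identical line added to TemplateManagerImpl; a single shared helper would keep the two from drifting. There is also a stray double space before `protocol` in the `generatePostUploadUrl` call. The enclosing method starts and ends outside the hunk.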
@@ -4445,6 +4446,6 @@ public class VolumeApiServiceImpl extends ManagerBase implements VolumeApiServic
 
     @Override
     public ConfigKey<?>[] getConfigKeys() {
-        return new ConfigKey<?>[] {ConcurrentMigrationsThresholdPerDatastore, AllowUserExpungeRecoverVolume, MatchStoragePoolTagsWithDiskOffering};
+        return new ConfigKey<?>[] {ConcurrentMigrationsThresholdPerDatastore, AllowUserExpungeRecoverVolume, MatchStoragePoolTagsWithDiskOffering, UseHttpsToUpload};
     }
 }
diff --git a/server/src/main/java/com/cloud/template/TemplateManagerImpl.java b/server/src/main/java/com/cloud/template/TemplateManagerImpl.java
index 7e7a3aeb28..2f1e1a552d 100755
--- a/server/src/main/java/com/cloud/template/TemplateManagerImpl.java
+++ b/server/src/main/java/com/cloud/template/TemplateManagerImpl.java
@@ -34,6 +34,7 @@ import java.util.stream.Collectors;
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
+import com.cloud.storage.VolumeApiService;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.BaseListTemplateOrIsoPermissionsCmd;
@@ -379,8 +380,9 @@ public class TemplateManagerImpl extends ManagerBase implements TemplateManager,
             TemplateOrVolumePostUploadCommand firstCommand = payload.get(0);
 
             String ssvmUrlDomain = _configDao.getValue(Config.SecStorageSecureCopyCert.key());
+            String protocol = VolumeApiService.UseHttpsToUpload.value() ? "https" : "http";
 
-            String url = ImageStoreUtil.generatePostUploadUrl(ssvmUrlDomain, firstCommand.getRemoteEndPoint(), firstCommand.getEntityUUID());
+            String url = ImageStoreUtil.generatePostUploadUrl(ssvmUrlDomain, firstCommand.getRemoteEndPoint(), firstCommand.getEntityUUID(), protocol);
             response.setPostURL(new URL(url));
 
             // set the post url, this is used in the monitoring thread to determine the SSVM
diff --git a/services/secondary-storage/controller/src/main/java/org/apache/cloudstack/secondarystorage/SecondaryStorageManagerImpl.java b/services/secondary-storage/controller/src/main/java/org/apache/cloudstack/secondarystorage/SecondaryStorageManagerImpl.java
index a6d425c060..9c9b4f5632 100644
--- a/services/secondary-storage/controller/src/main/java/org/apache/cloudstack/secondarystorage/SecondaryStorageManagerImpl.java
+++ b/services/secondary-storage/controller/src/main/java/org/apache/cloudstack/secondarystorage/SecondaryStorageManagerImpl.java
@@ -30,6 +30,7 @@ import java.util.Map;
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
+import com.cloud.storage.VolumeApiService;
 import com.cloud.utils.PasswordGenerator;
 import org.apache.cloudstack.agent.lb.IndirectAgentLB;
 import org.apache.cloudstack.ca.CAManager;
@@ -1175,6 +1176,10 @@ public class SecondaryStorageManagerImpl extends ManagerBase implements Secondar
             s_logger.debug(String.format("Boot args for machine profile [%s]: [%s].", profile.toString(), bootArgs));
         }
 
+        boolean useHttpsToUpload = BooleanUtils.toBooleanDefaultIfNull(VolumeApiService.UseHttpsToUpload.value(), true);
+        s_logger.debug(String.format("Setting UseHttpsToUpload config on cmdline with [%s] value.", useHttpsToUpload));
+        buf.append(" useHttpsToUpload=").append(useHttpsToUpload);
+
         return true;
     }
 
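Review bot: The flag is baked into the SSVM boot arguments here, so the Apache configuration on the SSVM reflects the value at the time the VM started, whereas the key is declared dynamic and the upload URL is built from the live value. After an operator flips `use.https.to.upload`, the management server would presumably hand out URLs with a scheme the running SSVM is not set up to proxy until that SSVM is restarted or recreated (inferred from the secstorage.sh hunk, which writes only one of http.conf and https.conf). Either make the key non-dynamic or state the requirement next to the new lines, e.g. `// Read once at SSVM boot; changing use.https.to.upload takes effect only after the SSVM is restarted.` The method begins outside the hunk.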
diff --git a/systemvm/debian/etc/apache2/vhost.template b/systemvm/debian/etc/apache2/vhost.template
index e9301042ca..626705c8b2 100644
--- a/systemvm/debian/etc/apache2/vhost.template
+++ b/systemvm/debian/etc/apache2/vhost.template
@@ -39,6 +39,9 @@
         Allow from 127.0.0.0/255.0.0.0 ::1/128
     </Directory>
 
+    # Include HTTP configuration **IF SET**
+    IncludeOptional /etc/apache2/http.conf
+
 </VirtualHost>
 
 <IfModule mod_ssl.c>
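Review bot: The new comment `# Include HTTP configuration **IF SET**` does not say what the file holds or who writes it. Judging by the secstorage.sh hunk, it is the upload proxy rewrite plus the CORS headers, written only when `useHttpsToUpload` is false. A comment such as `# Upload proxy + CORS rules for plain HTTP; written by setup/secstorage.sh only when useHttpsToUpload=false` would make it clear that the presence of this file exposes `/upload/` on the unencrypted vhost. The same applies to the `https.conf` include in the second hunk of this file.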
@@ -83,8 +86,8 @@
 		Allow from 127.0.0.0/255.0.0.0 ::1/128
 	</Directory>
 
-	# Include CORS configuration **IF SET**
-	IncludeOptional /etc/apache2/[cC][oO][rR][sS].conf
+	# Include HTTPS configuration **IF SET**
+	IncludeOptional /etc/apache2/https.conf
 
 	#   SSL Engine Switch:
 	#   Enable/Disable SSL for this virtual host.
diff --git a/systemvm/debian/opt/cloud/bin/setup/common.sh b/systemvm/debian/opt/cloud/bin/setup/common.sh
index 18a78311ae..e908519c45 100755
--- a/systemvm/debian/opt/cloud/bin/setup/common.sh
+++ b/systemvm/debian/opt/cloud/bin/setup/common.sh
@@ -882,6 +882,9 @@ parse_cmd_line() {
         privatekey)
           export PRIVATEKEY=$VALUE
           ;;
+        useHttpsToUpload)
+          export USEHTTPS=$VALUE
+          ;;
       esac
   done
   echo -e "\n\t}\n}" >> ${CHEF_TMP_FILE}
diff --git a/systemvm/debian/opt/cloud/bin/setup/secstorage.sh b/systemvm/debian/opt/cloud/bin/setup/secstorage.sh
index 3b21ed5cae..9cef70865a 100755
--- a/systemvm/debian/opt/cloud/bin/setup/secstorage.sh
+++ b/systemvm/debian/opt/cloud/bin/setup/secstorage.sh
@@ -50,7 +50,11 @@ setup_secstorage() {
   a2enmod proxy_http
   a2enmod headers
 
-  cat >/etc/apache2/cors.conf <<CORS
+  if [ -z $USEHTTPS ] | $USEHTTPS ; then
+    if [ -f /etc/apache2/http.conf ]; then
+      rm -rf /etc/apache2/http.conf
+    fi
+      cat >/etc/apache2/https.conf <<HTTPS
 RewriteEngine On
 RewriteCond %{HTTPS} =on
 RewriteCond %{REQUEST_METHOD} =POST
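Review bot: `if [ -z $USEHTTPS ] | $USEHTTPS ; then` uses a single `|`, which is a pipe rather than a logical OR, so the result of the `-z` test is discarded and the branch is decided by running the contents of `$USEHTTPS` as a command. That gives the intended result for `true`/`false` only by coincidence, and it executes whatever string arrived in the `useHttpsToUpload` boot argument, which common.sh exports without validation. Compare the value as a quoted string and fail closed to HTTPS: `if [ "$USEHTTPS" != "false" ]; then`, which also covers the unset case. The `[ -f ... ]` guard around `rm -rf` can be reduced to `rm -f /etc/apache2/http.conf`. `setup_secstorage` and the heredoc continue outside the hunk.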
@@ -58,7 +62,21 @@ RewriteRule ^/upload/(.*) http://127.0.0.1:8210/upload?uuid=\$1 [P,L]
 Header always set Access-Control-Allow-Origin "*"
 Header always set Access-Control-Allow-Methods "POST, OPTIONS"
 Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token, x-signature, x-metadata, x-expires"
-CORS
+HTTPS
+  else
+    if [ -f /etc/apache2/https.conf ]; then
+      rm -rf /etc/apache2/https.conf
+    fi
+      cat >/etc/apache2/http.conf <<HTTP
+RewriteEngine On
+RewriteCond %{REQUEST_METHOD} =POST
+RewriteRule ^/upload/(.*) http://127.0.0.1:8210/upload?uuid=\$1 [P,L]
+Header always set Access-Control-Allow-Origin "*"
+Header always set Access-Control-Allow-Methods "POST, OPTIONS"
+Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token, x-signature, x-metadata, x-expires"
+HTTP
+  fi
+
 
   disable_rpfilter
   enable_fwding 0
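Review bot: The `http.conf` branch has no comment saying that it proxies uploads without TLS, so the image data and the `x-signature`, `x-metadata` and `x-expires` headers named in the CORS line travel in cleartext. A one-line comment before the heredoc would make that visible to the next editor, e.g. `# Plain-HTTP upload proxy: payload and signed upload headers are not encrypted in transit.` The two heredocs differ only by the `RewriteCond %{HTTPS} =on` line, so the shared rewrite and CORS lines could be written once to keep them from drifting. `rm -f` is sufficient for a regular file in place of `rm -rf`.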
diff --git a/utils/src/main/java/org/apache/cloudstack/utils/imagestore/ImageStoreUtil.java b/utils/src/main/java/org/apache/cloudstack/utils/imagestore/ImageStoreUtil.java
index 5d6ba2cd5f..462e3c36f8 100644
--- a/utils/src/main/java/org/apache/cloudstack/utils/imagestore/ImageStoreUtil.java
+++ b/utils/src/main/java/org/apache/cloudstack/utils/imagestore/ImageStoreUtil.java
@@ -26,7 +26,7 @@ import org.apache.log4j.Logger;
 public class ImageStoreUtil {
     public static final Logger s_logger = Logger.getLogger(ImageStoreUtil.class.getName());
 
-    public static String generatePostUploadUrl(String ssvmUrlDomain, String ipAddress, String uuid) {
+    public static String generatePostUploadUrl(String ssvmUrlDomain, String ipAddress, String uuid, String protocol) {
         String hostname = ipAddress;
 
         //if ssvm url domain is present, use it to construct hostname in the format 1-2-3-4.domain
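Review bot: The new `protocol` parameter is a free-form `String` that is formatted straight into the URL at the end of the method, so nothing in this public utility rejects null or a scheme other than the two the callers in this commit pass. A `boolean useHttps` parameter would remove the question; otherwise validate up front with `if (!"https".equals(protocol) && !"http".equals(protocol)) { throw new IllegalArgumentException("Unsupported upload protocol: " + protocol); }`. The method has no Javadoc; a short one naming the accepted values of `protocol` would help. The body continues outside the hunk.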
@@ -39,7 +39,7 @@ public class ImageStoreUtil {
         }
 
         //only https works with postupload and url format is fixed
-        return "https://" + hostname + "/upload/" + uuid;
+        return String.format("%s://%s/upload/%s", protocol, hostname, uuid);
     }
 
     // given a path, returns empty if path is supported image, and the file type if unsupported
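Review bot: The context comment directly above the changed return, `//only https works with postupload and url format is fixed`, is left in place and now contradicts the code, which emits whatever scheme the caller passes. Update it with the change, e.g. `// scheme is chosen by the caller (use.https.to.upload); the /upload/<uuid> path format is fixed`. A stale comment claiming HTTPS-only is likely to mislead anyone checking whether uploads can go out in cleartext.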
diff --git a/utils/src/test/java/org/apache/cloudstack/utils/imagestore/ImageStoreUtilTest.java b/utils/src/test/java/org/apache/cloudstack/utils/imagestore/ImageStoreUtilTest.java
index ace765ad09..b7df14dc85 100644
--- a/utils/src/test/java/org/apache/cloudstack/utils/imagestore/ImageStoreUtilTest.java
+++ b/utils/src/test/java/org/apache/cloudstack/utils/imagestore/ImageStoreUtilTest.java
@@ -26,29 +26,52 @@ import org.junit.Test;
 public class ImageStoreUtilTest {
 
     @Test
-    public void testgeneratePostUploadUrl() throws MalformedURLException {
+    public void testgenerateHttpsPostUploadUrl() throws MalformedURLException {
         String ssvmdomain = "*.realhostip.com";
         String ipAddress = "10.147.28.14";
         String uuid = UUID.randomUUID().toString();
+        String protocol = "https";
 
         //ssvm domain is not set
-        String url = ImageStoreUtil.generatePostUploadUrl(null, ipAddress, uuid);
-        assertPostUploadUrl(url, ipAddress, uuid);
+        String url = ImageStoreUtil.generatePostUploadUrl(null, ipAddress, uuid, protocol);
+        assertPostUploadUrl(url, ipAddress, uuid, protocol);
 
         //ssvm domain is set to empty value
-        url = ImageStoreUtil.generatePostUploadUrl("", ipAddress, uuid);
-        assertPostUploadUrl(url, ipAddress, uuid);
+        url = ImageStoreUtil.generatePostUploadUrl("", ipAddress, uuid, protocol);
+        assertPostUploadUrl(url, ipAddress, uuid, protocol);
 
         //ssvm domain is set to a valid value
-        url = ImageStoreUtil.generatePostUploadUrl(ssvmdomain, ipAddress, uuid);
-        assertPostUploadUrl(url, ipAddress.replace(".", "-") + ssvmdomain.substring(1), uuid);
+        url = ImageStoreUtil.generatePostUploadUrl(ssvmdomain, ipAddress, uuid, protocol);
+        assertPostUploadUrl(url, ipAddress.replace(".", "-") + ssvmdomain.substring(1), uuid, protocol);
     }
 
-    private void assertPostUploadUrl(String urlStr, String domain, String uuid) throws MalformedURLException {
+    @Test
+    public void testgenerateHttpPostUploadUrl() throws MalformedURLException {
+        String ssvmdomain = "*.realhostip.com";
+        String ipAddress = "10.147.28.14";
+        String uuid = UUID.randomUUID().toString();
+        String protocol = "http";
+
+        //ssvm domain is not set
+        String url = ImageStoreUtil.generatePostUploadUrl(null, ipAddress, uuid, protocol);
+        assertPostUploadUrl(url, ipAddress, uuid, protocol);
+
+        //ssvm domain is set to empty value
+        url = ImageStoreUtil.generatePostUploadUrl("", ipAddress, uuid, protocol);
+        assertPostUploadUrl(url, ipAddress, uuid, protocol);
+
+        //ssvm domain is set to a valid value
+        url = ImageStoreUtil.generatePostUploadUrl(ssvmdomain, ipAddress, uuid, protocol);
+        assertPostUploadUrl(url, ipAddress.replace(".", "-") + ssvmdomain.substring(1), uuid, protocol);
+    }
+
+    private void assertPostUploadUrl(String urlStr, String domain, String uuid, String protocol) throws MalformedURLException {
         URL url = new URL(urlStr);
         Assert.assertNotNull(url);
         Assert.assertEquals(url.getHost(), domain);
         Assert.assertEquals(url.getPath(), "/upload/" + uuid);
+        Assert.assertEquals(url.getProtocol(), protocol);
     }
 
+
 }
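Review bot: The added `Assert.assertEquals(url.getProtocol(), protocol);` passes the actual value first, but JUnit's signature is `assertEquals(expected, actual)`, so a failure message would label the two values the wrong way round (the existing assertions in this helper use the same order). Write `Assert.assertEquals(protocol, url.getProtocol());`. `testgenerateHttpPostUploadUrl` is a line-for-line copy of the HTTPS test apart from the `protocol` value, so a private helper taking the protocol and called from both tests would remove the duplication.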