Posted to commits@cloudstack.apache.org by pa...@apache.org on 2019/07/22 19:33:46 UTC

[cloudstack-documentation] branch master updated: KVM direct downloads (#54)

This is an automated email from the ASF dual-hosted git repository.

paul_a pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cloudstack-documentation.git


The following commit(s) were added to refs/heads/master by this push:
     new 86e3834  KVM direct downloads (#54)
86e3834 is described below

commit 86e38340b77aebf7af3bfc54752fe0311254fa34
Author: Nicolas Vazquez <ni...@gmail.com>
AuthorDate: Mon Jul 22 16:33:41 2019 -0300

    KVM direct downloads (#54)
    
    Update documentation for KVM direct downloads
---
 source/_static/images/kvm-direct-download.png      | Bin 0 -> 6710 bytes
 source/adminguide/templates.rst                    |   3 +
 .../templates/_bypass-secondary-storage-kvm.rst    |  90 +++++++++++++++++++++
 3 files changed, 93 insertions(+)

diff --git a/source/_static/images/kvm-direct-download.png b/source/_static/images/kvm-direct-download.png
new file mode 100644
index 0000000..d29dab6
Binary files /dev/null and b/source/_static/images/kvm-direct-download.png differ
diff --git a/source/adminguide/templates.rst b/source/adminguide/templates.rst
index 51f2361..ca4f96d 100644
--- a/source/adminguide/templates.rst
+++ b/source/adminguide/templates.rst
@@ -273,6 +273,8 @@ To upload a template:
       the Featured Templates list. Only an administrator can make a
       template Featured.
 
+.. include:: templates/_bypass-secondary-storage-kvm.rst
+
 Uploading Templates from a local computer
 -------------------------------------------
 
@@ -319,3 +321,4 @@ template.
    :alt: Depicts hiding the EULA page.
 .. |change-admin-password.png| image:: /_static/images/change-admin-password.png
    :alt: Depicts changing the administrator password
+.. |kvm-direct-download.png| image:: /_static/images/kvm-direct-download.png
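
Review bot: The new "|kvm-direct-download.png|" substitution at the end of templates.rst has no ":alt:" option, while the neighbouring definitions in the context lines each carry one. Add an ":alt:" line describing what the screenshot shows so the image has a text description like the others. The substitution is only referenced from the included _bypass-secondary-storage-kvm.rst, so a short comment next to the definition saying so would keep it from being dropped later as unused.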
diff --git a/source/adminguide/templates/_bypass-secondary-storage-kvm.rst b/source/adminguide/templates/_bypass-secondary-storage-kvm.rst
new file mode 100644
index 0000000..7f6de4c
--- /dev/null
+++ b/source/adminguide/templates/_bypass-secondary-storage-kvm.rst
@@ -0,0 +1,90 @@
+.. Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information#
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+   http://www.apache.org/licenses/LICENSE-2.0
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+
+
+.. _bypass-secondary-storage-kvm:
+
+Bypassing Secondary Storage For KVM templates
+--------------------------------------------
+
+CloudStack provides an additional way to register and use templates on KVM.
+
+Instead of registering a template and storing it on secondary storage, the user can opt to skip downloading the template to secondary storage for KVM at template registration. At deployment time, the template is downloaded directly to primary storage from the registered source, instead of being copied from secondary storage.
+
+Supported protocols: HTTP/HTTPS, NFS and metalinks. The protocol is obtained from the template URL.
+
+To enable this option for a template:
+
+#. In the left navigation bar, click Templates.
+
+#. Click Register Template.
+
+#. Select KVM as hypervisor:
+
+   |kvm-direct-download.png|
+
+   -  **Direct Download**. This option will be shown in the UI when KVM is selected as the hypervisor. Choose Yes to enable the bypassing secondary storage option.
+
+   -  **Checksum**. Optional field. If this field is populated, the checksum is compared to the downloaded template checksum when the template is downloaded to primary storage at deployment time.
+
+After the template is registered, it is automatically available for VM deployments.
+
+Uploading Certificates for Direct Downloads
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+For direct downloads over HTTPS, the KVM hosts must have valid certificates. These certificates can be either self-signed or signed and will allow the KVM hosts to access the templates/ISOs and download them.
+
+CloudStack provides some APIs to handle certificates for direct downloads:
+
+- Upload a certificate to hosts in 'Up' state in a zone with id = ZONE_ID:
+
+   .. code:: bash
+
+         upload templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID certificate=CERTIFICATE_FORMATTED
+
+   where:
+      - CERTIFICATE_FORMATTED is the string format of a X509 certificate
+      - CERTIFICATE_ALIAS is the alias which will be used to import the certificate on each KVM host
+
+   **Note:**. These certificates are imported into the /etc/cloudstack/agent/cloud.jks keystore on each KVM host.
+
+- Revoke a certificate from every host in 'Up' state in a zone with id = ZONE_ID:
+   
+   .. code:: bash
+
+         revoke templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID
+
+- It is also possible to revoke a certificate from a specific host within a zone:
+
+   .. code:: bash
+
+         revoke templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID hostid=HOST_ID
+
+- After a certificate is revoked from a host within a zone, it can be re-uploaded to the host:
+
+   .. code:: bash
+
+         upload templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID certificate=CERTIFICATE_FORMATTED hostid=HOST_ID
+
+Syncronising Certificates for Direct Downloads
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+As new hosts may be added to a zone which do not include a certificate which was previously uploaded to pre-existing hosts.
+
+CloudStack provides a way to synchronize certificates across all the connected hosts in each zone. The global setting 'direct.download.certificate.background.task.interval' defines the interval in which the synchronization task will run. This task will:
+
+- Iterate through each enabled zone
+- Enumerate the connected hosts in a zone
+- Check which hosts are missing the certificates which have been already uploaded to other hosts
+- Upload missing certificates to hosts
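
Review bot: The Checksum bullet under "Select KVM as hypervisor" marks the integrity check as optional without saying which checksum format is accepted or what happens at deployment time when the comparison fails, even though the same page lists plain HTTP and NFS as supported sources that the host fetches straight to primary storage. State the expected format and the failure behaviour, and recommend populating the field whenever the template URL is not HTTPS. In "Uploading Certificates for Direct Downloads", "either self-signed or signed" should say who does the signing, and the note about /etc/cloudstack/agent/cloud.jks should say what the agent uses that keystore for, since the upload command writes to it on every 'Up' host in the zone. Smaller fixes: the license header has a stray "#" after "information", "**Note:**." has a stray period, the heading "Syncronising" is misspelled, and the sentence under it ("As new hosts may be added to a zone which do not include a certificate ...") is a fragment that needs a main clause.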