cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [cloudstack-documentation] PaulAngus commented on a change in pull request #54: KVM direct downloads
Date Mon, 22 Jul 2019 19:01:19 GMT
PaulAngus commented on a change in pull request #54: KVM direct downloads
URL: https://github.com/apache/cloudstack-documentation/pull/54#discussion_r305982998
 
 

 ##########
 File path: source/adminguide/templates/_bypass-secondary-storage-kvm.rst
 ##########
 @@ -0,0 +1,90 @@
+.. Licensed to the Apache Software Foundation (ASF) under one
+   or more contributor license agreements.  See the NOTICE file
+   distributed with this work for additional information#
+   regarding copyright ownership.  The ASF licenses this file
+   to you under the Apache License, Version 2.0 (the
+   "License"); you may not use this file except in compliance
+   with the License.  You may obtain a copy of the License at
+   http://www.apache.org/licenses/LICENSE-2.0
+   Unless required by applicable law or agreed to in writing,
+   software distributed under the License is distributed on an
+   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+   KIND, either express or implied.  See the License for the
+   specific language governing permissions and limitations
+   under the License.
+
+
+.. _bypass-secondary-storage-kvm:
+
+Bypassing Secondary Storage on KVM templates
+--------------------------------------------
+
+CloudStack provides an optional way to register and use templates on KVM.
+
+Instead of registering a template and use secondary storage as cache, it is possible to bypass
secondary storage on KVM templates registration. At deployment time, the template is downloaded
directly to primary storage avoiding the copy from secondary storage.
+
+Supported protocols: HTTP/HTTPS, NFS and metalinks. The protocol is obtained from the template
URL.
+
+To enable this option for a template:
+
+#. In the left navigation bar, click Templates.
+
+#. Click Register Template.
+
+#. Select KVM as hypervisor:
+
+   |kvm-direct-download.png|
+
+   -  **Direct Download**. It will be shown in the UI when KVM is selected as hypervisor.
Choose Yes for enabling the bypassing secondary storage option.
+
+   -  **Checksum**. Optional field. If this field is populated, the checksum is compared
to the downloaded template checksum when the template is downloaded to primary storage at
deployment time.
+
+After the template is registered, it is automatically available for VM deployments.
+
+Uploading certificates for direct downloads
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+For HTTPS direct downloads, the KVM hosts on a zone should need certificates.
+
+CloudStack provides some APIs to handle certificates for direct downloads:
+
+- Upload a certificate to hosts in 'Up' state in a zone with id = ZONE_ID:
+
+   .. code:: bash
+
+         upload templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID
certificate=CERTIFICATE_FORMATTED
+
+   where:
+      - CERTIFICATE_FORMATTED is the string format of a X509 certificate
+      - CERTIFICATE_ALIAS is the alias which will be used to import the certificate on each
KVM host
+
+   **Note:**. These certificates are imported into the /etc/cloudstack/agent/cloud.jks keystore
on each KVM host.
+
+- Revoke a certificate from every host in 'Up' state in a zone with id = ZONE_ID:
+   
+   .. code:: bash
+
+         revoke templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID
+
+- It is also possible to revoke a certificate from a specific host within a zone:
+
+   .. code:: bash
+
+         revoke templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID
hostid=HOST_ID
+
+- After a certificate is revoked from a host within a zone, it can be re-uploaded to the
host:
+
+   .. code:: bash
+
+         upload templatedirectdownloadcertificate hypervisor=KVM name=CERTIFICATE_ALIAS zoneid=ZONE_ID
certificate=CERTIFICATE_FORMATTED hostid=HOST_ID
+
+Certificates for direct downloads synchronization task
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Certificates are uploaded to the running hosts in a zone at a certain moment. However, the
number of running hosts may change and new hosts added to the zone may not include the certificate
uploaded to the rest of the hosts.
 
 Review comment:
   ```suggestion
   As new hosts may be added to a zone which do not include a certificate which was previously
uploaded to pre-existing hosts.
   ```

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

Mime
View raw message