On 12/29/2014 06:13 PM, Tony James wrote:
>
> On Mon, Dec 29, 2014 at 5:26 AM, Itamar Heim <iheim(a)redhat.com> wrote:
>>
>> On 12/29/2014 09:25 AM, Nir Soffer wrote:
>>>
>>>
>>> ----- Original Message -----
>>>>
>>>>
>>>> From: "Tony James" <tony(a)anthonyjames.org>
>>>> To: devel(a)ovirt.org
>>>> Sent: Monday, December 29, 2014 3:30:49 AM
>>>> Subject: [ovirt-devel] UI Plugin to Upload ISO Files
>>>>
>>>> This message is in response to an earlier thread regarding a UI plugin
>>>> to upload ISO files. Like the original poster, Lucas, I began work on
>>>> a UI plugin to allow uploading ISO files through a UI plugin. After
>>>> reading the previous thread I'm re-thinking the architecture.
>>>>
>>>> It was suggested that the recommended approach to upload files to a
>>>> storage domain is through the VDSM API [1]. I'm pretty familiar
with
>>>> the oVirt REST API but have been unable to find documentation
>>>> regarding accessing the VDSM API. Should the VDSM API be accessible
>>>> by a UI plugin? If so, is there documentation available to do so?
>>>>
>>>> [1]
http://lists.ovirt.org/pipermail/devel/2014-December/009497.html
>>>
>>>
>>>
>>> Basically you have to:
>>> 1. Use the vdsm xmlrpc/jsonrpc to create an image
>>> 2. Use the vdsm http api to upload the data to the image. This will
>>> create
>>> a task and return a task id.
>>> 3. Use the vdsm xmlrpc/jsonrpc api to check the task status, and clear
>>> the task when done
>>>
>>> The xmlrpc/jsonrpc api is documented here:
>>>
>>>
>>>
http://gerrit.ovirt.org/gitweb?p=vdsm.git;a=blob;f=vdsm/rpc/vdsmapi-schem...
>>>
>>> You can check the code for upload here:
>>>
>>>
>>>
http://gerrit.ovirt.org/gitweb?p=vdsm.git;a=blob;f=vdsm/rpc/BindingXMLRPC...
>>
>>
>>
>> I assume the upload will be done via a servlet on the engine, not
>> directly
>> by the ui plugin accessing vdsm.
>> worth discussing your plans here, to make sure architecture/security are
>> correct.
>>
>
> I was planning on using a python CGI script which would accept the
> upload via POST from the UI plugin. The file would be stored in /tmp
> on the engine host.
>
> After the file was successfully uploaded, the CGI script would send a
> POST to a python HTTP server (BaseHTTPServer, also running on engine
> host) with the filename and storage domain information. This python
> script would then take care of mounting the storage domain and copying
> the file to the appropriate location.
>
> This was my initial approach, I plan on checking out the VDSM API as well.
>
my preference would be to stream via a servlet to the vdsm api, rather than
"store and forward" to avoid potentially exhausting space on engine or
having to deal with two phased task tracking.
the tricky part which requires a review is validating authentication and
authorization by the servlet - to make sure one has the permission to write
to a certain disk (for data domains) / iso domain.
this should be similar to the websocket novnc approach of validating user
has access to relevant VM (but Alon may correct me if its different)
notice there is one caveat for iso domains to having vdsm do the upload vs.
the iso-uploader utility - it would require vdsm to have write permissions
to the iso nfs path. but it allows uploading disks/vm's as well to data
stores, which i think is worth having the same pattern for both.
Would it be sufficient to verify that the user has been given the
StorageAdmin role before allowing an upload?