Conversation
shwstppr
force-pushed
the
fix-copy-template-md5-mismatch-3191
branch
from
a318ee3 to
63e538b
Compare
|
Is this ready for testing @shwstppr or implementation in progress? |
|
@rhtyd I don't think the change/implementation is correct. I'm thinking of a better way. Will appreciate help here. |
|
ping if any updates here. |
|
@andrijapanicsb will look into it next week |
|
@shwstppr there are two different checksums indeed.
the original design has not taken this into account. |
|
@andrijapanicsb, I discussed with @shwstppr and this simple fix seems to work but does not take into account any special requirements on the design flaws as described above. any opinions? /cc @PaulAngus |
|
As discussed (internally) this fix simply set the source image md5sum to NULL (instead of reading a wrong md5sum from DB, from the compressed file) and thus when SSVM receives the files in the new zone, since no source MD5 sum was defined, it will not check and will consider an image as downloaded successfully - which should be fine in 99% of cases. I would like to test a silly thing - if the download of template (via the SSVM in the destination zone) is somehow interrupted - do we ever reach the MD5 "to check or not to check" part of code - ideally the download process should break and no false positive in sense of "successful" download. This can be tested while copying a template from zone1 to zone2, by logging in to zone1 SSVM and simply stopping the Apache webserver - simulating connection drop - and checking/confirm that on the destination zone the template download has broken as exected. @weizhouapache ping for opinion pls CC @rhtyd |
|
Is this ready or needs further update - @shwstppr @andrijapanicsb @PaulAngus @borisstoyanov ? |
|
needs testing as I suggested, unless someone has other opinions as well |
borisstoyanov
left a comment
borisstoyanov
left a comment
There was a problem hiding this comment.
I'm kind of -1 on this fix, simply because we're immediately cutting a functionality to the end user. I think we should add an explicit checksum parameter to the copy template api if the user wants to do that check (default = null). if checksum passed is null then yes skip it, but if a sum is passed then do the check.
|
I'm not sure if adding checksum parameter would add any functionality to the user or solve the problem here. As mentioned above copy and create template same code for downloading and checking checksum. For correctly checking checksum while copying a template code should compare the checksum of the copied file and the installed template file and not the checksum of copied file with the original checksum of the template. |
|
I agree with @borisstoyanov that having a checking mechanism is useful functionality, but not that we are cutting that with this PR. It is not there and would be new functionality. The proposal is sensible, but the problem is that the user would not know the checksum to input, unless they are an admin with access to the source store and manually create it, @shwstppr. Making your solution an automation of the process that would happen in @borisstoyanov 's solution. If you can make it happen, please. Else, we are half way there with the extra parameter. |
shwstppr
force-pushed
the
fix-copy-template-md5-mismatch-3191
branch
from
63e538b to
6b0ae7d
Compare
|
@shwstppr @borisstoyanov /cc @DaanHoogland where are we with this one? |
|
I'm also OK if we move forward withOUT MD5 sum now for 4.14, and create an additional issue for 4.15 to add MD5 checksum ? |
|
@andrijapanicsb It is a bug, i think we want it on 4.13 |
|
And what about backward "compatibility". |
|
no, in theory ;) if the checksum stored is an md5 a check will be done against that. |
|
Trillian test result (tid-799)
|
|
Trillian test result (tid-800)
|
|
Trillian test result (tid-796)
|
borisstoyanov
left a comment
borisstoyanov
left a comment
There was a problem hiding this comment.
LGTM, manually verified we don't see the checksum error on copy. The other case where having a crosszone template and adding a new zone is not really a valid case since we can't add a checksum and leave blank zone at the same time. I think it's good for merging.
|
|
|
ping @shwstppr @rhtyd @andrijapanicsb @nvazquez @PaulAngus , alright like this? I need a second ok, after @borisstoyanov 's testing |
|
@blueorangutan package |
|
@borisstoyanov a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. |
|
Packaging result: ✖centos6 ✔centos7 ✔debian. JID-717 |
|
@blueorangutan test |
|
@borisstoyanov a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests |
|
Trillian test result (tid-859)
|
|
@rhtyd good to go? |
|
LGTM, checking travis. Will merge if it's ok. |
Fixes apache#3191 When a template is registered, code stores md5sum of the downloaded file in the vm_template table. However, this downloaded file could be deleted after template installation if it is not an actual (.qcow2, .ova, etc.) file. When the user copies a template using copyTemplate API, the actual template file will be copied across the image stores. Matching checksum for the copied templated file and the stored value from the vm_template table will result in a mismatch. Changes will set an empty checksum value for the copied template while passing to download service which allows skipping wrong checksum check for the copied while install. However, this results in a change in checksum value for concerned template entry in vm_template table post template install. Co-authored-by: dahn <daan.hoogland@gmail.com>
7 participants
Description
Fixes #3191
When a template is registered, code stores md5sum of the downloaded file in the
vm_templatetable. However, this downloaded file could be deleted after template installation if it is not an actual (.qcow2,.ova, etc.) file. When the user copies a template using copyTemplate API, the actual template file will be copied across the image stores. Matching checksum for the copied templated file and the stored value from thevm_templatetable will result in a mismatch.Changes will set an empty checksum value for the copied template while passing to download service which allows skipping wrong checksum check for the copied while install.
However, this results in a change in checksum value for concerned template entry in
vm_templatetable post template install.Types of changes
Screenshots (if appropriate):
How Has This Been Tested?
cmk