Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1059615

Summary: [RFE] Upload iso/image from a client just via engine acting as proxy
Product: [Retired] oVirt Reporter: Jiri Belka <jbelka>
Component: ovirt-engine-coreAssignee: Greg Padgett <gpadgett>
Status: CLOSED DUPLICATE QA Contact: bugs <bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 3.5CC: acathrow, amureini, gklein, iheim, scohen, s.kieske, yeylon
Target Milestone: ---Keywords: FutureFeature
Target Release: 3.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: storage
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-07-24 13:37:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Storage RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jiri Belka 2014-01-30 09:24:01 UTC
Description of problem:
A client should be able to upload iso/image while having connection only to engine IP. Right now there's need to either mount storage from client (NFS) or use ssh. Both cases need that FW allows client to access storage or storage server (ssh).

This is security and design problem.

I could image following scenario:
- client uses a CLI tool to upload an iso
- CLI tools connects to engine IP (webdav)?
- there's a app which catches uploaded iso and "forwards" the iso to storage. Engine already has ssh access to host so he could just copy iso via ssh (although it could be slow, for this kind it would be better to tune MAC/Ciphers [one could google misc list and there are some tips to make scp faster])

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:
client to upload iso/image needs access to host or storage

Expected results:
just use engine as "proxy"

Additional info:
in VMWare world, a user can upload file just fine from his client to vSphere just via mgmt GUI/Web UI

Comment 1 Jiri Belka 2014-01-30 09:26:49 UTC
Also in the future maybe there could be a need to change current permissions system so a user can upload iso/images which would be visible just for him. Thus to access whole storage or having access to host directly is big risk.

Comment 2 Sean Cohen 2014-07-24 13:37:32 UTC

*** This bug has been marked as a duplicate of bug 1091377 ***