Description of problem: A client should be able to upload iso/image while having connection only to engine IP. Right now there's need to either mount storage from client (NFS) or use ssh. Both cases need that FW allows client to access storage or storage server (ssh). This is security and design problem. I could image following scenario: - client uses a CLI tool to upload an iso - CLI tools connects to engine IP (webdav)? - there's a app which catches uploaded iso and "forwards" the iso to storage. Engine already has ssh access to host so he could just copy iso via ssh (although it could be slow, for this kind it would be better to tune MAC/Ciphers [one could google misc list and there are some tips to make scp faster]) Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: client to upload iso/image needs access to host or storage Expected results: just use engine as "proxy" Additional info: in VMWare world, a user can upload file just fine from his client to vSphere just via mgmt GUI/Web UI
Also in the future maybe there could be a need to change current permissions system so a user can upload iso/images which would be visible just for him. Thus to access whole storage or having access to host directly is big risk.
*** This bug has been marked as a duplicate of bug 1091377 ***