A new feature introduced in CloudPlatform 4.5.1 (CCP) enables user to directly upload a volume/template using a standard web browser from local system to CCP. Earlier the same would need the volume/template to be hosted in a web server. This has simplified the upload process as now there is no dependency on web servers.

The figure below explains the steps involved in volume/template upload from browser.

image2014-2-19 12:59:26

A. Management Server generates a unique pre-shared key (PSK) and shares it with the agent running on SSVM.

B. A new API request “getUploadParamsForVolume/Template” is made to Management Server to register the volume/template metadata. Request parameters include name, format, etc.

C. Management Server response to (B) returns URL to upload the volume/template file, encrypted metadata required to handle the file on secondary storage VM (SSVM) and SHA1 signature generated using PSK for verifying authenticity of request.

D. The volume/template file is uploaded over HTTPS POST to the URL obtained in (C). The metadata and signature returned in (C) should be passed as is.

E. The web server (Apache) on SSVM receives the request and forwards it to the SSVM agent as plain HTTP. The SSVM agent verifies the signature and decrypts metadata using the PSK. Once the request is verified, the volume/template is copied to the secondary storage location present in the metadata.

F. Once the upload completes, the MD5 checksum is compared (if available from C). At this point the volume/template can be used for regular operations.

1.1 UI Screens

The UI screens for uploading volume/template is shown below. The various input parameters forms part of the metadata associated with the POST request to SSVM. UI internally invokes the APIs described in the next section.



1.2 New APIs

A couple of new APIs are added to use the feature: GetUploadParamsForVolume, GetUploadParamsForTemplate.

1.2.1 Volume upload API example

The following are the API request and response sequence for uploading a volume. For template the flow remains the same, only the API is replaced with getUploadParamsForTemplate along with some additional input parameters.

1. Request to MS


2. Response in JSON format from MS. Notice the POST URL, it has the public IP (‘.’ Replaced with ‘-‘) of the SSVM followed by a domain name (as specified in global configuration ‘secstorage.ssl.cert.domain’). The DNS needs to be configured correctly so that the domain name can be resolved. For details refer to https://cwiki.apache.org/confluence/display/CLOUDSTACK/Procedure+to+Replace+realhostip.com+with+Your+Own+Domain+Name.


postURL: https://1-2-3-4.xyz.com/upload/C7D351D2-F167-4CC8-A9FF-3BECB0A625C4,

metadata: TKPFeuz2nHmE/kcREEu24mnj1MrLdzOeJIHXR9HLIGgk56bkRJHaD0RRL2lds1rKKhrro4/PuleEh4YhRinhxaAmPpU4e55eprG8gTCX0ItyFAtlZViVdKXMew5Dfp4Qg8W9I1/IsDJd2Kas9/ftDQLiemAlPt0uS7Ou6asOCpifnBaKvhM4UGEjHSnni1KhBzjgEyDW3Y42HKJSSv58Sgmxl9LCewBX8vtn9tXKr+j4afj7Jlh7DFhyo9HOPC5ogR4hPBKqP7xF9tHxAyq6YqfBzsng3Xwe+Pb8TU1kFHg1l2DM4tY6ooW2h8lOhWUkrJu4hOAOeTeRtCjW3H452NKoeA1M8pKWuqMo5zRMti2u2hNZs0YY2yOy8oWMMG+lG0hvIlajqEU=,

signature: de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9,

expires: 2014-10-17T12:00:00+0530,

id: C7D351D2-F167-4CC8-A9FF-3BECB0A625C4


3. Volume upload request to SSVM. Note that the metadata, expires and signature are passed as is along with the volume to be uploaded.

curl -X POST “https://1-2-3-4.xyz.com/upload/C7D351D2-F167-4CC8-A9FF-3BECB0A625C4” -H “X-signature:de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9” -H “X-metadata:TKPFeuz2nHmE/kcREEu24mnj1MrLdzOeJIHXR9HLIGgk56bkRJHaD0RRL2lds1rKKhrro4/PuleEh4YhRinhxaAmPpU4e55eprG8gTCX0ItyFAtlZViVdKXMew5Dfp4Qg8W9I1/IsDJd2Kas9/ftDQLiemAlPt0uS7Ou6asOCpifnBaKvhM4UGEjHSnni1KhBzjgEyDW3Y42HKJSSv58Sgmxl9LCewBX8vtn9tXKr+j4afj7Jlh7DFhyo9HOPC5ogR4hPBKqP7xF9tHxAyq6YqfBzsng3Xwe+Pb8TU1kFHg1l2DM4tY6ooW2h8lOhWUkrJu4hOAOeTeRtCjW3H452NKoeA1M8pKWuqMo5zRMti2u2hNZs0YY2yOy8oWMMG+lG0hvIlajqEU=” -H “X-expires:2014-10-17T12:00:00+0530” -F “file=@volume.vhd” -v

4. Volume response from SSVM in a successful scenario.

200 OK – (upload is successful)