[libvirt] [ESX:Error] HTTP 403 error for CURL upload operation
Hi Everyone, Merry Christmas and Happy New Year! I'm trying to upload disk to ESX 5.0 server using the URL obtained by the server (during VM installation process); I'm using libcurl support in libvirt to upload the disk, but I get this error on file upload:----------------------* About to connect() to <ip> port 443 (#1) * Trying <ip>... * connected * found 153 certificates in /etc/ssl/certs/ca-certificates.crt * server certificate verification SKIPPED * compression: NULL * cipher: AES-128-CBC * MAC: SHA1
PUT /ha-nfc/52c6d592-7636-67c5-29f3-d5b373be4f42/disk-0.vmdk HTTP/1.1 User-Agent: libvirt-esx Host: <ip> Accept: */* Cookie: vmware_soap_session="521af33d-2bbe-38aa-21e8-13d474ccb023" Content-Type: text/xml; charset=UTF-8 SOAPAction: "urn:vim25" Content-Length: 7021568< HTTP/1.1 403 Forbidden < Date: Sun, 30 Dec 2012 01:28:19 GMT < Connection: close < Content-Type: text; charset=plain < Content-Length: 44 ----------------------To achieve this operation I've added a routine to support file Upload (for ESX driver as currently it only support buffer upload), I verified its functioning my uploading a file using datastore based URL:(http(s)//<ip>/file??dcPath=ha-datacenter?dsName=xxx). CURL options provided by me are; ----------- curl_easy_setopt(curl->handle, CURLOPT_UPLOAD, 1L); curl_easy_setopt(curl->handle, CURLOPT_URL, url); curl_easy_setopt(curl->handle, CURLOPT_READDATA, <data pointer>); curl_easy_setopt(curl->handle, CURLOPT_INFILESIZE_LARGE, (curl_off_t) fileData->size); curl_easy_setopt(curl->handle, CURLOPT_READFUNCTION, <read function>); curl_easy_setopt(curl->handle, CURLOPT_VERBOSE, 1);------------------------ My understanding is there needs to be some tuning done to ESX server to accept this upload operation, please suggest if anyone has faced this issue before. Thanks!Ata
2012/12/30 Ata Bohra <ata.husain@hotmail.com>:
Hi Everyone,
Merry Christmas and Happy New Year!
I'm trying to upload disk to ESX 5.0 server using the URL obtained by the server (during VM installation process); I'm using libcurl support in libvirt to upload the disk, but I get this error on file upload: ---------------------- * About to connect() to <ip> port 443 (#1) * Trying <ip>... * connected * found 153 certificates in /etc/ssl/certs/ca-certificates.crt * server certificate verification SKIPPED * compression: NULL * cipher: AES-128-CBC * MAC: SHA1
PUT /ha-nfc/52c6d592-7636-67c5-29f3-d5b373be4f42/disk-0.vmdk HTTP/1.1 User-Agent: libvirt-esx Host: <ip> Accept: */* Cookie: vmware_soap_session="521af33d-2bbe-38aa-21e8-13d474ccb023" Content-Type: text/xml; charset=UTF-8 SOAPAction: "urn:vim25" Content-Length: 7021568 < HTTP/1.1 403 Forbidden < Date: Sun, 30 Dec 2012 01:28:19 GMT < Connection: close < Content-Type: text; charset=plain < Content-Length: 44
The URL /ha-nfc/52c6d592-7636-67c5-29f3-d5b373be4f42/disk-0.vmdk looks like the lease you get during OVA import on the ESX server to upload a disk image to, isn't it? I'm not sure why you would get and Forbidden error from the server here. Are you logged in with an restricted user account instead of the root account?
To achieve this operation I've added a routine to support file Upload (for ESX driver as currently it only support buffer upload), I verified its functioning my uploading a file using datastore based URL: (http(s)//<ip>/file??dcPath=ha-datacenter?dsName=xxx).
Are you trying to upload directly to the root of the datastore? IIRC this isn't allowed and you can only upload subdirectories in the datastore as in http(s)//<ip>/subdirectory/file??dcPath=ha-datacenter?dsName=xxx -- Matthias Bolte http://photron.blogspot.com
The URL /ha-nfc/52c6d592-7636-67c5-29f3-d5b373be4f42/disk-0.vmdk looks like the lease you get during OVA import on the ESX server to upload a disk image to, isn't it? I'm not sure why you would get and Forbidden error from the server here. Are you logged in with an restricted user account instead of the root account? Yes, precicely this is what I am trying to do. The URL (deviceUrl) is obtained once the call to ImportVApp is successful, it does not import the disk on root directory but to the new VM directory created after the importvapp call. I remember trying this on ESXi4.1 and it used to work fine, ESXi5 seems to block it. I am logged in with "root" credentials.
To achieve this operation I've added a routine to support file Upload (for ESX driver as currently it only support buffer upload), I verified its functioning my uploading a file using datastore based URL: (http(s)//<ip>/file??dcPath=ha-datacenter?dsName=xxx).
Are you trying to upload directly to the root of the datastore? IIRC this isn't allowed and you can only upload subdirectories in the datastore as in
http(s)//<ip>/subdirectory/file??dcPath=ha-datacenter?dsName=xxx OVA disk can be compressed (compression algorithm is identified as one of the fields inside creaimportspec result varible), also as OVA optimizes the disk we need to use this URL to upload the valid content and rest necessary messaging is done by server itself (say deflate the disk, uncompress it etc.). -- Matthias Bolte http://photron.blogspot.com
I was able to solve this issue, it seems for upload operation the CURL headers needs to contain: "Connection: Keep-Alive"); "Content-Type: application/x-vnd.vmware-streamVmdk"); "Content-Length: %ld" Though the error was related to "forbidden access", but it seems it was not correct, with above set of headers and POST operation, VMDK uploads runs smooth :-). Thanks!Ata From: ata.husain@hotmail.com To: matthias.bolte@googlemail.com Date: Tue, 1 Jan 2013 11:47:13 -0800 CC: libvir-list@redhat.com Subject: Re: [libvirt] [ESX:Error] HTTP 403 error for CURL upload operation
The URL /ha-nfc/52c6d592-7636-67c5-29f3-d5b373be4f42/disk-0.vmdk looks like the lease you get during OVA import on the ESX server to upload a disk image to, isn't it? I'm not sure why you would get and Forbidden error from the server here. Are you logged in with an restricted user account instead of the root account?
Yes, precicely this is what I am trying to do. The URL (deviceUrl) is obtained once the call to ImportVApp is successful, it does not import the disk on root directory but to the new VM directory created after the importvapp call. I remember trying this on ESXi4.1 and it used to work fine, ESXi5 seems to block it. I am logged in with "root" credentials.
To achieve this operation I've added a routine to support file Upload (for ESX driver as currently it only support buffer upload), I verified its functioning my uploading a file using datastore based URL: (http(s)//<ip>/file??dcPath=ha-datacenter?dsName=xxx).
Are you trying to upload directly to the root of the datastore? IIRC this isn't allowed and you can only upload subdirectories in the datastore as in
http(s)//<ip>/subdirectory/file??dcPath=ha-datacenter?dsName=xxx
OVA disk can be compressed (compression algorithm is identified as one of the fields inside creaimportspec result varible), also as OVA optimizes the disk we need to use this URL to upload the valid content and rest necessary messaging is done by server itself (say deflate the disk, uncompress it etc.).
-- Matthias Bolte http://photron.blogspot.com
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
participants (2)
-
Ata Bohra -
Matthias Bolte