[one-users] sunstone: any way to download an image?

Mon Apr 23 00:56:09 PDT 2012

Hi,

On our cloud, we made it work, but it's a bit of a hack. The end result 
is that the "source" line in the image template details in the sunstone 
image tab is a click-able link.

here you can see a screenshot:
https://www.cloud.sara.nl/projects/hpc-cloud-documentation/wiki/Downloading_Images

A first attempt to use "send_file()" in ruby did not work since there is 
a problem with the "Thin" library that sinatra (sunstone) is using. Thin 
will always load the entire file into memory before sending it out. Not 
what you want.
(Yes, you can set params on send_file, but apparantly, the Thin layer 
keeps buffering the whole file.)

So we went back to basics and made it a simple html file download link:
(The following works om 3.2.1, haven't tried it with 3.4)

1. Add a "get path" to /usr/lib/one/sunstone/sunstone-server.rb

I put this just above the "Monitoring" comment:

get '/download/var/lib/one/images/:filename' do |filename|
     redirect "http://ui.calligo.sara.nl/yourimagesdirectory/"+filename
end

2. Serve the "images" directory

You have to make sure that the /var/lib/one/images direcory is served by 
a webserver (apache, lighthttps, whatever) on 
http://<hostname>/yourimagesdirectory/<filename>.
(Of course you can change this location.)

Again, we'd very much prefer to do this with the send_file in ruby, but 
the problem with the buffering makes this impossible.

Since we are using the lighthttpd proxy for sunstone, we just added a 
symbolic link to the opennebula image directory to the documentroot. (If 
you're using the proxy, you'll need to exempt that directory.)

3. Adapt the sunstone plugin

Look for

<td class="value_td">'+(typeof img_info.SOURCE === "string" ? 
img_info.SOURCE : "--")+'</td>\

And change it to

<td class="value_td">\
   <a href="/download' + img_info.SOURCE + '">'
   +(typeof img_info.SOURCE === "string" ? img_info.SOURCE : "--")
   +'</a></td>\

Now just go to the image tab in sunstone, select an image, look for the 
source line tin the image template and click on it do download it.

4. Security

Do note that this means you have a publicly browse-able directory with 
all you images!

However there is some security due to the naming of the image files: a 
brute force attack would be required to find a UID that matches with an 
existing image name.

Make sure the directory shows no directory listing, of course, or 
someone could just wget the entire directory!

Again, definitely not a 100% safe solution and the moment the Thin 
problem with send_file gets resolved, or sunstone moves to another 
library, we'll change this. but for the moment, it actually works rather 
nicely.

Hope this can inspire you to crate a better solution. :)

Wkr,

Jhon