-
Notifications
You must be signed in to change notification settings - Fork 708
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refactor neighbor VM image downloading #14200
Conversation
The original design assumes downloading neighbor VM images from azure storage using SAS key if image file is not found on local testbed server. Since SAS key is considered as a credential, the design introduces complexity of managing SAS keys securely. This change refactored the design to download image files from simple HTTP server. URL of the image files can be specified in variable files under `ansible/group_vars/vm_host`. Signed-off-by: Xin Wang <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.
- Check ___ image
- Download ___ image
I see the blocks that perform the above functions are quite similar. I was wondering if they could be moved to another task (download-image.yml
) with variables and be called from start.yml
like the other re-use happening between start.yml -> start_vm.yml
. Perhaps in a refactor PR.
@wangxin PR conflicts with 202205 branch |
What is the motivation for this PR? The original design assumes downloading neighbor VM images from azure storage using SAS key if image file is not found on local testbed server. Since SAS key is considered as a credential, the design introduces complexity of managing SAS keys securely. How did you do it? This change refactored the design to download image files from simple HTTP server. URL of the image files can be specified in variable files under ansible/group_vars/vm_host. How did you verify/test it? Run add-topo/remove-topo, start-topo-vms/stop-topo-vms Signed-off-by: Xin Wang <[email protected]>
@wangxin PR conflicts with 202305 branch |
Cherry-pick PR to 202405: #14353 |
What is the motivation for this PR? The original design assumes downloading neighbor VM images from azure storage using SAS key if image file is not found on local testbed server. Since SAS key is considered as a credential, the design introduces complexity of managing SAS keys securely. How did you do it? This change refactored the design to download image files from simple HTTP server. URL of the image files can be specified in variable files under ansible/group_vars/vm_host. How did you verify/test it? Run add-topo/remove-topo, start-topo-vms/stop-topo-vms Signed-off-by: Xin Wang <[email protected]>
Cherry-pick PR to 202311: #14354 |
What is the motivation for this PR? The original design assumes downloading neighbor VM images from azure storage using SAS key if image file is not found on local testbed server. Since SAS key is considered as a credential, the design introduces complexity of managing SAS keys securely. How did you do it? This change refactored the design to download image files from simple HTTP server. URL of the image files can be specified in variable files under ansible/group_vars/vm_host. How did you verify/test it? Run add-topo/remove-topo, start-topo-vms/stop-topo-vms Signed-off-by: Xin Wang <[email protected]>
What is the motivation for this PR? The original design assumes downloading neighbor VM images from azure storage using SAS key if image file is not found on local testbed server. Since SAS key is considered as a credential, the design introduces complexity of managing SAS keys securely. How did you do it? This change refactored the design to download image files from simple HTTP server. URL of the image files can be specified in variable files under ansible/group_vars/vm_host. How did you verify/test it? Run add-topo/remove-topo, start-topo-vms/stop-topo-vms Signed-off-by: Xin Wang <[email protected]>
What is the motivation for this PR? The original design assumes downloading neighbor VM images from azure storage using SAS key if image file is not found on local testbed server. Since SAS key is considered as a credential, the design introduces complexity of managing SAS keys securely. How did you do it? This change refactored the design to download image files from simple HTTP server. URL of the image files can be specified in variable files under ansible/group_vars/vm_host. How did you verify/test it? Run add-topo/remove-topo, start-topo-vms/stop-topo-vms Signed-off-by: Xin Wang <[email protected]>
What is the motivation for this PR? The original design assumes downloading neighbor VM images from azure storage using SAS key if image file is not found on local testbed server. Since SAS key is considered as a credential, the design introduces complexity of managing SAS keys securely. How did you do it? This change refactored the design to download image files from simple HTTP server. URL of the image files can be specified in variable files under ansible/group_vars/vm_host. How did you verify/test it? Run add-topo/remove-topo, start-topo-vms/stop-topo-vms Signed-off-by: Xin Wang <[email protected]>
Manually cherry-pick #14200 to 202305 branch due to conflicts. What is the motivation for this PR? The original design assumes downloading neighbor VM images from azure storage using SAS key if image file is not found on local testbed server. Since SAS key is considered as a credential, the design introduces complexity of managing SAS keys securely. How did you do it? This change refactored the design to download image files from simple HTTP server. URL of the image files can be specified in variable files under ansible/group_vars/vm_host. How did you verify/test it? Run add-topo/remove-topo, start-topo-vms/stop-topo-vms Signed-off-by: Xin Wang <[email protected]>
Manually cherry-pick #14200 to 202205 branch due to conflicts. What is the motivation for this PR? The original design assumes downloading neighbor VM images from azure storage using SAS key if image file is not found on local testbed server. Since SAS key is considered as a credential, the design introduces complexity of managing SAS keys securely. How did you do it? This change refactored the design to download image files from simple HTTP server. URL of the image files can be specified in variable files under ansible/group_vars/vm_host. How did you verify/test it? Run add-topo/remove-topo, start-topo-vms/stop-topo-vms Signed-off-by: Xin Wang <[email protected]>
What is the motivation for this PR? In PR #14200, it updated the file path of ceos.yml. But in our code, there still exists some references to the file which are not be updated to the new path. In this PR, we update these references to the new path. How did you do it? Update some references of ceos.yml to the new path.
What is the motivation for this PR? In PR sonic-net#14200, it updated the file path of ceos.yml. But in our code, there still exists some references to the file which are not be updated to the new path. In this PR, we update these references to the new path. How did you do it? Update some references of ceos.yml to the new path.
Description of PR
Summary:
Fixes # (issue)
Type of change
Back port request
Approach
What is the motivation for this PR?
The original design assumes downloading neighbor VM images from azure storage using SAS key if image file is not found on local testbed server. Since SAS key is considered as a credential, the design introduces complexity of managing SAS keys securely.
How did you do it?
This change refactored the design to download image files from simple HTTP server. URL of the image files can be specified in variable files under
ansible/group_vars/vm_host
.How did you verify/test it?
Run add-topo/remove-topo, start-topo-vms/stop-topo-vms
Any platform specific information?
Supported testbed topology if it's a new test case?
Documentation
The documentation should be updated accordingly. I will submit separate PR for the documentation change.