dmacvicar / terraform-provider-libvirt

Terraform provider to provision infrastructure with Linux's KVM using libvirt
Apache License 2.0

terraform-Libvirtd cannot pull images from locally hosted websites (that contain the qcow2) #857

Closed The-Lilleorg closed 3 years ago

The-Lilleorg commented 3 years ago

System Information

Ubuntu 20.04

Linux distribution

Ubuntu..

Terraform version

Terraform v1.0.0  on linux_amd64

Provider and libvirt versions

terraform-provider-libvirt -version 
provider.terraform-provider-libvirt_v0.6.3-1+

If that gives you "was not built correctly", get the Git commit hash from your local provider repository:

git describe --always --abbrev=40 --dirty

Checklist

Utilizing the Existing remote srcs for Volumes

Description of Issue/Question

Setup

terraform {
  required_providers {
    libvirt = {
      source  = "multani/libvirt"
      version = "0.6.3-1+4"
    }
  }
}

provider "libvirt" {
  uri = "qemu+ssh://root@vmyserver.example.com/system"
}

resource "libvirt_pool" "cluster2" {
  name = "cluster2"
  type = "dir"
  path = "/ovm/images/live/cluster2_storage"
}

resource "libvirt_volume" "centos7-img" {
  name = "centos7.img"
  pool = libvirt_pool.cluster2.name

  # Commented out: a resource may set only one source.
  # source = "https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img"

  source = "http://mywebhead.example.com/centos7.qcow2"
  format = "qcow"
}

Steps to Reproduce Issue

2021-06-09T16:28:54.038-0400 [DEBUG] provider.terraform-provider-libvirt_v0.6.3-1+4: 2021/06/09 16:28:54 [INFO] Created libvirt client
libvirt_volume.centos7-img: Creating...
2021-06-09T16:28:54.046-0400 [INFO] Starting apply for libvirt_volume.centos7-img
2021-06-09T16:28:54.047-0400 [DEBUG] libvirt_volume.centos7-img: applying the planned Create change
2021-06-09T16:28:54.053-0400 [DEBUG] provider.terraform-provider-libvirt_v0.6.3-1+4: 2021/06/09 16:28:54 [DEBUG] Locking "cluster2"
2021-06-09T16:28:54.054-0400 [DEBUG] provider.terraform-provider-libvirt_v0.6.3-1+4: 2021/06/09 16:28:54 [DEBUG] Locked "cluster2"
2021-06-09T16:28:54.185-0400 [DEBUG] provider.terraform-provider-libvirt_v0.6.3-1+4: 2021/06/09 16:28:54 [DEBUG] Unlocking "cluster2"
2021-06-09T16:28:54.185-0400 [DEBUG] provider.terraform-provider-libvirt_v0.6.3-1+4: 2021/06/09 16:28:54 [DEBUG] Unlocked "cluster2"
╷
│ Error: Error while determining image type for http://mywebhead.example.com/centos7.qcow2: Can't retrieve partial header of resource to determine file type: http://mywebhead.example.com/centos7.qcow2 - 403 Forbidden
│
│   with libvirt_volume.centos7-img,
│   on test-vm.tf line 7, in resource "libvirt_volume" "centos7-img":
│    7: resource "libvirt_volume" "centos7-img" {
│
╵
2021-06-09T16:28:54.208-0400 [DEBUG] provider.terraform-provider-libvirt_v0.6.3-1+4: 2021/06/09 16:28:54 [DEBUG] cleaning up connection for URI: qemu+ssh://root@server.example.com/system
2021-06-09T16:28:54.247-0400 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/multani/libvirt/0.6.3-1+4/linux_amd64/terraform-provider-libvirt_v0.6.3-1+4 pid=222583
2021-06-09T16:28:54.247-0400 [DEBUG] provider: plugin exited

(Include debug logs if possible and relevant).

NGINX logs show a 200 when curl is downloading it:

10.80.105.11 - - [09/Jun/2021:16:24:16 -0400] "GET /centos7.qcow2 HTTP/1.1" 200 109752 "-" "curl/7.68.0"
10.80.105.11 - - [09/Jun/2021:16:24:52 -0400] "GET /centos7.qcow2 HTTP/1.1" 200 2824601600 "-" "curl/7.68.0"


Additional information:

Do you have SELinux or Apparmor/Firewall enabled? Some special configuration?

- Apparmor disabled on the libvirtD host
- Firewall rules normal for libvirtd

Have you tried to reproduce the issue without them enabled?

Issue is reproducible

dmacvicar commented 3 years ago

I think the problem is that the provider issues a GET request with a Range header to retrieve only the first bytes. So check if:

curl -i -H "Range: bytes=0-7" http://mywebhead.example.com/centos7.qcow2

is working, as I can see a "Forbidden" response in the logs.

E.g. this one works for me:

curl -i -H "Range: bytes=0-7" http://ftp.uni-erlangen.de/opensuse/tumbleweed/appliances/openSUSE-Tumbleweed-JeOS.x86_64-15.1.0-OpenStack-Cloud-Snapshot20210628.qcow2

Please re-open if you have more indication it is a problem on the provider.
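
The Range probe discussed in the comment above, as an added Go example (not the provider's code and not part of the original thread): `probeHeader` sends `Range: bytes=0-7` under a chosen User-Agent, so the same URL can be checked as curl and as a Go client and the status codes compared. The sample server and its curl-only rule are constructed assumptions; the thread does not establish why the server answered 403.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

const qcow2Magic = "QFI\xfb" // first 4 bytes of every QCOW2 image

// probeHeader GETs bytes 0-7 as userAgent; ok means 206 plus QCOW2 magic.
func probeHeader(url, userAgent string) (int, bool, error) {
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		return 0, false, err
	}
	req.Header.Set("Range", "bytes=0-7")
	req.Header.Set("User-Agent", userAgent)
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return 0, false, err
	}
	defer resp.Body.Close()
	// Read at most 8 bytes: a server that ignores Range sends the whole image.
	head, err := io.ReadAll(io.LimitReader(resp.Body, 8))
	partial := resp.StatusCode == http.StatusPartialContent
	return resp.StatusCode, partial && strings.HasPrefix(string(head), qcow2Magic), err
}

// newSampleServer (constructed): fake image, Range-capable, curl-only rule.
func newSampleServer() *httptest.Server {
	image := qcow2Magic + strings.Repeat("\x00", 12)
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !strings.HasPrefix(r.UserAgent(), "curl/") { // hypothetical access rule
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		http.ServeContent(w, r, "centos7.qcow2", time.Time{}, strings.NewReader(image))
	}))
}

func main() {
	srv := newSampleServer()
	defer srv.Close()
	fmt.Println(probeHeader(srv.URL, "Go-http-client/1.1")) // Go's default User-Agent
	fmt.Println(probeHeader(srv.URL, "curl/7.68.0"))        // the curl seen in the NGINX log
}
```

Pointing `probeHeader` at the real image URL from the machine that runs Terraform shows whether the 403 follows the client identity or the network path.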

The-Lilleorg commented 2 years ago

I had some time to get back to terraform:

curl -i -H "Range: bytes=0-7" http://proxyhost.example.com/centos7.qcow2
HTTP/1.1 206 Partial Content
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 19 Jul 2021 19:45:33 GMT
Content-Type: application/octet-stream
Content-Length: 8
Last-Modified: Wed, 09 Jun 2021 20:23:10 GMT
Connection: keep-alive
ETag: "60c1232e-a85c0000"
Accept-Ranges: bytes
Content-Disposition: attachment; filename=/data/images/centos7.qcow2
Content-Range: bytes 0-7/2824601600

root@vm07-its-prd:~# curl -i -H "Range: bytes=0-7" http://proxyhost.example.com/centos7.qcow2
HTTP/1.1 206 Partial Content
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 19 Jul 2021 19:47:32 GMT
Content-Type: application/octet-stream
Content-Length: 8
Last-Modified: Wed, 09 Jun 2021 20:23:10 GMT
Connection: keep-alive
ETag: "60c1232e-a85c0000"
Accept-Ranges: bytes
Content-Disposition: attachment; filename=/data/images/centos7.qcow2
Content-Range: bytes 0-7/2824601600

Warning: Binary output can mess up your terminal. Use "--output -" to tell
Warning: curl to output it to your terminal anyway, or consider "--output
Warning: <FILE>" to save to a file.

It gets a 206 on the response:

Running it with terraform:

libvirt_volume.centos7-qcow2: Destroying... [id=/ovm/images/live/cluster2_storage/centos7.qcow2]
libvirt_volume.centos7-qcow2: Destruction complete after 0s
libvirt_volume.centos7-qcow2: Creating...
╷
│ Error: Error while determining image type for http://proxyhost.example.com/centos7.qcow2: Can't retrieve partial header of resource to determine file type: http://proxyhost.example.com/centos7.qcow2 - 403 Forbidden