Closed mrndev closed 9 months ago
hi, are you logged in? Try exporting IONOS_USERNAME
and IONOS_PASSWORD
environment variables, or ionosctl login
to generate a credentials file. Since ionosctl image upload
uses FTP, it doesn't support use of tokens (IONOS_TOKEN
).
Note: We are currently working on an improvement #295 which will improve various functionalities of the config file, including ionosctl login
.
I'm using the token so that probably is the problem. Thanks. (The error message could be more helpful though)
Is ionosctl using FTP+TLS by default? Is there any risk that my credentials are sent in clear text using plain FTP?
Hi, yes. I agree, the error message should be improved. As for FTP+TLS - No risk of plain FTP. A security risk is if you are setting the --skip-verify
flag (by default this is not set), which skips TLS cert check and you can be man-in-the-middle attacked
dialOptions := ftps.DialOptions{
Host: p.Url,
Port: p.Port,
Username: s.client.GetConfig().Username,
Passowrd: s.client.GetConfig().Password,
ExplicitTLS: true, // means that FTPS (FTP Secure, FTP over TLS) is being used
TLSConfig: &tlsConfig,
}
tlsConfig := tls.Config{
InsecureSkipVerify: p.SkipVerify,
ServerName: p.Url,
RootCAs: p.ServerCertificate,
MaxVersion: tls.VersionTLS12,
}
I exported IONOS_USERNAME and IONOS_PASSWORD and now it works - thanks.
during upload i bumped to this:
If I now try to upload the image, the ionosctl still gives the error that the image is already on the server
~$ ionosctl image list | grep OPN WARNING: The following flags are deprecated: --type TYPE --licence-type LICENCE_TYPE --location LOCATION --image-alias IMAGE_ALIAS --latest LATEST. Use --filters --order-by --max-results options instead! ~$ ionosctl image upload -v --location fra --image OPNsense-23.1-OpenSSL-dvd-amd64.iso [INFO] Uploading OPNsense-23.1-OpenSSL-dvd-amd64.iso to ftp-fra.ionos.com Error: OPNsense-23.1-OpenSSL-dvd-amd64.iso already exists at ftp-fra.ionos.com
as a workaround i can of course rename my image file, after which it works, but just for the record - maybe this can be improved.
Hi, I agree. I reproduced, and so I got in touch with the API team. TL;DR: since the FTP server is independent of the API, you have to sadly make a support request at support@cloud.ionos.com to delete the 0 byte files from the FTP server (which you can't manually do, sadly).
That's the expected behaviour. Files uploaded via FTP cannot be deleted on the FTP server itself. FTP is uploading the image to VDC/DCD - and does not know if the image still exists there, or if it has been deleted via DCD/API at a later time. Customers can open a Support Ticket asking to delete the placeholder (file with 0 byte) on the FTP server: support@cloud.ionos.com
I will however add this to the documentation, I wasn't aware of this behaviour myself.
ok - thanks for checking this
I will close this issue when:
a) the quirk described in https://github.com/ionos-cloud/ionosctl/issues/302#issuecomment-1592798628 is documented, and point the users in the direction of making a support request at support@cloud.ionos.com
b) the error message for invalid credentials is improved
c) the documentation for logging in is improved (e.g. you can only use username & password, token is not supported)
d) we let the user know that we are indeed using FTP over TLS. so, no plaintext passwords
great product care!
Hi, I agree. I reproduced, and so I got in touch with the API team. TL;DR: since the FTP server is independent of the API, you have to sadly make a support request at support@cloud.ionos.com to delete the 0 byte files from the FTP server (which you can't manually do, sadly).
That's the expected behaviour. Files uploaded via FTP cannot be deleted on the FTP server itself. FTP is uploading the image to VDC/DCD - and does not know if the image still exists there, or if it has been deleted via DCD/API at a later time. Customers can open a Support Ticket asking to delete the placeholder (file with 0 byte) on the FTP server: support@cloud.ionos.com
I will however add this to the documentation, I wasn't aware of this behaviour myself.
This is a major drawback!
Aborted uploads (which happens in unstable networks) can not be retired. You have to open a support ticket to delete something you uploaded yourself?
Even if it is not aborted it regularly errors because the image service is too slow to recognize a new upload. See the following logs:
You then have to wait x minutes until the service decides to pick up the images and then set the attributes which completely obsoletes the use of the ionosctl.
Please provide an integrated image upload system that is HTTP based and not on FTP and does not need the account credentials. My recommendation would be a S3 based system
Hi Henrik, thanks for your comment. The feature/improvement you are requesting is independent of the ionosctl CLI, but generic suggestions to improve the products always helpful. I will add a feature request for this.
@hegerdes you could attempt uploading the images with a longer context deadline by using --timeout <seconds>
, which might result in the images being picked up by ionosctl.
However, I can't comment on the FTP nature of the system. I would like working with an S3 based one, but as @mrndev said this is independent of this tool sadly.
Hi! #411 has finally been released in v6.7.3. Sorry for the delay.
Description
ionosctl image upload not working. Im using the same command as in the example from help
~$ ionosctl image upload --location fra --image OPNsense-23.1-OpenSSL-dvd-amd64.iso Error: ftps: connection setup failed: cmd failed read expected code 331 with message "": failed to read code, got code 500 and message USER: command requires a parameter: 500 USER: command requires a parameter
Am I missing some parameters? Its hard to interpret what the error means...
Expected behavior
image gets uploaded
Environment
How to Reproduce
see command above