Merge pull request #46996 from apinnick/CNV-18558-importing-https-image

apinnick · web-flow · commit 95335fdfb5b7 · 2022-07-24T11:43:57.000+03:00
CNV-18558: Importing VM images from HTTPS endpoint
diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml
@@ -3240,7 +3240,7 @@ Topics:
       File: virt-tls-certificates-for-dv-imports
     - Name: Importing virtual machine images with data volumes
       File: virt-importing-virtual-machine-images-datavolumes
-    - Name: Importing virtual machine images to block storage with data volumes
+    - Name: Importing virtual machine images into block storage with data volumes
       File: virt-importing-virtual-machine-images-datavolumes-block
 # Cloning virtual machines
   - Name: Cloning virtual machines
diff --git a/modules/virt-importing-vm-datavolume.adoc b/modules/virt-importing-vm-datavolume.adoc
@@ -4,82 +4,79 @@
 
 :_content-type: PROCEDURE
 [id="virt-importing-vm-datavolume_{context}"]
-= Importing a virtual machine image into a persistent volume claim by using a data volume
+= Importing a virtual machine image into storage by using a data volume
 
-You can import a virtual machine image into a persistent volume claim (PVC) by using a data volume.
+You can import a virtual machine image into storage by using a data volume.
 
-The virtual machine image can be hosted at an HTTP or HTTPS endpoint, or the image can be built into a container disk and stored in a container registry.
+The virtual machine image can be hosted at an HTTP or HTTPS endpoint or the image can be built into a container disk and stored in a container registry.
 
-To create a virtual machine from an imported virtual machine image, specify the image or container disk endpoint in the `VirtualMachine` configuration file before you create the virtual machine.
+You specify the data source for the image in a `VirtualMachine` configuration file. When the virtual machine is created, the data volume with the virtual machine image is imported into storage.
 
 .Prerequisites
 
-* You have installed the OpenShift CLI (`oc`).
-* Your cluster has at least one available persistent volume.
 * To import a virtual machine image you must have the following:
-** A virtual machine disk image in RAW, ISO, or QCOW2 format, optionally
-compressed by using `xz` or `gz`.
-** An HTTP endpoint where the image is hosted, along with any authentication
-credentials needed to access the data source. For example: `http://www.example.com/path/to/data`
-* To import a container disk you must have the following:
-** A container disk built from a virtual machine image stored in your container image registry, along with any authentication credentials needed to access the data source. For example: `docker://registry.example.com/container-image`
+** A virtual machine disk image in RAW, ISO, or QCOW2 format, optionally compressed by using `xz` or `gz`.
+** An HTTP or HTTPS endpoint where the image is hosted, along with any authentication credentials needed to access the data source.
+* To import a container disk, you must have a virtual machine image built into a container disk and stored in a container registry, along with any authentication credentials needed to access the data source.
+* If the virtual machine must communicate with servers that use self-signed certificates or certificates not signed by the system CA bundle, you must create a config map in the same namespace as the data volume.
 
 .Procedure
 
-. Optional: If your data source requires authentication credentials, edit the
-`endpoint-secret.yaml` file, and apply the updated configuration to the cluster:
+. If your data source requires authentication, create a `Secret` manifest, specifying the data source credentials, and save it as `endpoint-secret.yaml`:
 +
 [source,yaml]
 ----
 apiVersion: v1
 kind: Secret
 metadata:
-  name: <endpoint-secret>
+  name: endpoint-secret <1>
   labels:
     app: containerized-data-importer
 type: Opaque
 data:
-  accessKeyId: "" <1>
-  secretKey:   "" <2>
+  accessKeyId: "" <2>
+  secretKey:   "" <3>
 ----
-<1> Optional: your key or user name, base64 encoded
-<2> Optional: your secret or password, base64 encoded
+<1> Specify the name of the `Secret`.
+<2> Specify the Base64-encoded key ID or user name.
+<3> Specify the Base64-encoded secret key or password.
+
+. Apply the `Secret` manifest:
 +
 [source,terminal]
 ----
 $ oc apply -f endpoint-secret.yaml
 ----
 
-. Edit the virtual machine configuration file, specifying the data source for
-the virtual machine image you want to import. In this example, a Fedora image is imported from an `http` source:
+. Edit the `VirtualMachine` manifest, specifying the data source for the virtual machine image you want to import, and save it as `vm-fedora-datavolume.yaml`:
 +
+[%collapsible]
 [source,yaml]
+====
 ----
 apiVersion: kubevirt.io/v1
 kind: VirtualMachine
 metadata:
   creationTimestamp: null
   labels:
     kubevirt.io/vm: vm-fedora-datavolume
-  name: vm-fedora-datavolume
+  name: vm-fedora-datavolume <1>
 spec:
   dataVolumeTemplates:
   - metadata:
       creationTimestamp: null
-      name: fedora-dv
+      name: fedora-dv <2>
     spec:
-      pvc:
-        accessModes:
-        - ReadWriteOnce
+      storage:
         resources:
           requests:
             storage: 10Gi
         storageClassName: local
       source:
-        http: <1>
-          url: "https://download.fedoraproject.org/pub/fedora/linux/releases/33/Cloud/x86_64/images/Fedora-Cloud-Base-33-1.2.x86_64.qcow2" <2>
-          secretRef: "" <3>
-          certConfigMap: "" <4>
+        http: <3>
+          url: "https://mirror.arizona.edu/fedora/linux/releases/35/Cloud/x86_64/images/Fedora-Cloud-Base-35-1.2.x86_64.qcow2" <4>
+          secretRef: endpoint-secret <5>
+          certConfigMap: "" <6>
     status: {}
   running: true
   template:
@@ -95,7 +92,7 @@ spec:
               bus: virtio
             name: datavolumedisk1
         machine:
-          type: "" <5>
+          type: ""
         resources:
           requests:
             memory: 1.5Gi
@@ -106,46 +103,48 @@ spec:
         name: datavolumedisk1
 status: {}
 ----
-<1> The source type to import the image from. This example uses an HTTP endpoint. To import a container disk from a registry, replace `http` with `registry`.
-<2> The source of the virtual machine image you want to import. This example references a virtual machine image at an HTTP endpoint. An example of a container registry endpoint is `url: "docker://kubevirt/fedora-cloud-container-disk-demo:latest"`.
-<3> The `secretRef` parameter is optional.
-<4> The `certConfigMap` is required for communicating with servers that use self-signed certificates or certificates not signed by the system CA bundle. The referenced config map must be in the same namespace as the data volume.
-<5> Specify `type: dataVolume` or `type: ""`. If you specify any other value for `type`, such as `persistentVolumeClaim`, a warning is displayed, and the virtual machine does not start.
+<1> Specify the name of the virtual machine.
+<2> Specify the name of the data volume.
+<3> Specify `http` for an HTTP or HTTPS endpoint. Specify `registry` for a container disk image imported from a registry.
+<4> The source of the virtual machine image you want to import. This example references a virtual machine image at an HTTPS endpoint. An example of a container registry endpoint is `url: "docker://kubevirt/fedora-cloud-container-disk-demo:latest"`.
+<5> Required if you created a `Secret` for the data source.
+<6> Optional: Specify a CA certificate config map.
+====
 
 . Create the virtual machine:
 +
 [source,terminal]
 ----
-$ oc create -f vm-<name>-datavolume.yaml
+$ oc create -f vm-fedora-datavolume.yaml
 ----
 +
 [NOTE]
 ====
-The `oc create` command creates the data volume and the virtual machine. The CDI controller creates an underlying PVC with the correct annotation, and the import process begins. When the import completes, the data volume status changes to `Succeeded`, and the virtual machine is allowed to start.
+The `oc create` command creates the data volume and the virtual machine. The CDI controller creates an underlying PVC with the correct annotation and the import process begins. When the import is complete, the data volume status changes to `Succeeded`. You can start the virtual machine.
 
-Data volume provisioning happens in the background, so there is no need to monitor it. You can start the virtual machine, and it will not run until the import is complete.
+Data volume provisioning happens in the background, so there is no need to monitor the process.
 ====
 
 .Verification
+
 . The importer pod downloads the virtual machine image or container disk from the specified URL and stores it on the provisioned PV. View the status of the importer pod by running the following command:
 +
 [source,terminal]
 ----
 $ oc get pods
 ----
 
-. Monitor the data volume status until it shows `Succeeded` by running the following command:
+. Monitor the data volume until its status is `Succeeded` by running the following command:
 +
 [source,terminal]
 ----
-$ oc describe dv <datavolume-name> <1>
+$ oc describe dv fedora-dv <1>
 ----
-<1> The name of the data volume as specified under `dataVolumeTemplates.metadata.name` in the virtual machine
-configuration file. In the example configuration above, this is `fedora-dv`.
+<1> Specify the data volume name that you defined in the `VirtualMachine` manifest.
 
-. To verify that provisioning is complete and that the VMI has started, try accessing its serial console by running the following command:
+. Verify that provisioning is complete and that the virtual machine has started by accessing its serial console:
 +
 [source,terminal]
 ----
-$ virtctl console <vm-fedora-datavolume>
+$ virtctl console vm-fedora-datavolume
 ----
diff --git a/modules/virt-importing-vm-to-block-pv.adoc b/modules/virt-importing-vm-to-block-pv.adoc
@@ -4,78 +4,74 @@
 
 :_content-type: PROCEDURE
 [id="virt-importing-vm-to-block-pv_{context}"]
-= Importing a virtual machine image to a block persistent volume using data volumes
+= Importing a virtual machine image into block storage by using a data volume
 
-You can import an existing virtual machine image into your {product-title} cluster. {VirtProductName} uses data volumes to automate the importing data and the creation of an underlying persistent volume claim (PVC). You can then reference the data volume in a virtual machine manifest.
+You can import a virtual machine image into block storage by using a data volume. You reference the data volume in a `VirtualMachine` manifest before you create a virtual machine.
 
 .Prerequisites
 
-* A virtual machine disk image, in RAW, ISO, or QCOW2 format, optionally compressed by using `xz` or `gz`.
-* An `HTTP` or `s3` endpoint where the image is hosted, along with any authentication credentials needed to access the data source
-* At least one available block PV.
+* A virtual machine disk image in RAW, ISO, or QCOW2 format, optionally compressed by using `xz` or `gz`.
+* An HTTP or HTTPS endpoint where the image is hosted, along with any authentication credentials needed to access the data source.
 
 .Procedure
 
-. If your data source requires authentication credentials, edit the `endpoint-secret.yaml` file, and apply the updated configuration to the cluster.
-
-.. Edit the `endpoint-secret.yaml` file with your preferred text editor:
+. If your data source requires authentication, create a `Secret` manifest, specifying the data source credentials, and save it as `endpoint-secret.yaml`:
 +
 [source,yaml]
 ----
 apiVersion: v1
 kind: Secret
 metadata:
-  name: <endpoint-secret>
+  name: endpoint-secret <1>
   labels:
     app: containerized-data-importer
 type: Opaque
 data:
-  accessKeyId: "" <1>
-  secretKey:   "" <2>
+  accessKeyId: "" <2>
+  secretKey:   "" <3>
 ----
-<1> Optional: your key or user name, base64 encoded
-<2> Optional: your secret or password, base64 encoded
+<1> Specify the name of the `Secret`.
+<2> Specify the Base64-encoded key ID or user name.
+<3> Specify the Base64-encoded secret key or password.
 
-.. Update the secret by running the following command:
+. Apply the `Secret` manifest:
 +
 [source,terminal]
 ----
 $ oc apply -f endpoint-secret.yaml
 ----
 
-. Create a `DataVolume` manifest that specifies the data source for the image you want to import and `volumeMode: Block` so that an available block PV is used.
+. Create a `DataVolume` manifest, specifying the data source for the virtual machine image and `Block` for `storage.volumeMode`.
 +
 [source,yaml]
 ----
 apiVersion: cdi.kubevirt.io/v1beta1
 kind: DataVolume
 metadata:
-  name: <import-pv-datavolume> <1>
+  name: import-pv-datavolume <1>
 spec:
   storageClassName: local <2>
-  source:
+    source:
       http:
-         url: <http://download.fedoraproject.org/pub/fedora/linux/releases/28/Cloud/x86_64/images/Fedora-Cloud-Base-28-1.1.x86_64.qcow2> <3>
-         secretRef: <endpoint-secret> <4>
-  pvc:
+        url: "https://mirror.arizona.edu/fedora/linux/releases/35/Cloud/x86_64/images/Fedora-Cloud-Base-35-1.2.x86_64.qcow2" <3>
+        secretRef: endpoint-secret <4>
+  storage:
     volumeMode: Block <5>
-    accessModes:
-      - ReadWriteOnce
     resources:
       requests:
-        storage: <2Gi>
+        storage: 10Gi
 ----
-<1> The name of the data volume.
+<1> Specify the name of the data volume.
 <2> Optional: Set the storage class or omit it to accept the cluster default.
-<3> The `HTTP` source of the image to import.
-<4> Only required if the data source requires authentication.
-<5> Required for importing to a block PV.
+<3> Specify the HTTP or HTTPS URL of the image to import.
+<4> Required if you created a `Secret` for the data source.
+<5> The volume mode and access mode are detected automatically for known storage provisioners. Otherwise, specify `Block`.
 
-. Create the data volume to import the virtual machine image by running the following command:
+. Create the data volume to import the virtual machine image:
 +
 [source,terminal]
 ----
-$ oc create -f <import-pv-datavolume.yaml><1>
+$ oc create -f import-pv-datavolume.yaml
 ----
-<1> The file name of the data volume that you created in the previous step.
 
+You can reference this data volume in a `VirtualMachine` manifest before you create a virtual machine.
diff --git a/modules/virt-storage-wizard-fields-web.adoc b/modules/virt-storage-wizard-fields-web.adoc
@@ -15,7 +15,7 @@
 |Create an empty disk.
 
 |Import via URL (creates PVC)
-|Import content via URL (HTTP or S3 endpoint).
+|Import content via URL (HTTP or HTTPS endpoint).
 
 |Use an existing PVC
 |Use a PVC that is already available in the cluster.
diff --git a/modules/virt-template-fields-for-boot-source.adoc b/modules/virt-template-fields-for-boot-source.adoc
@@ -15,7 +15,7 @@ The following table describes the fields for *Add boot source to template* windo
 |Upload a file from your local device. Supported file types include gz, xz, tar, and qcow2.
 
 |Import via URL (creates PVC)
-|Import content from an image available from an HTTP or S3 endpoint. Obtain the download link URL from the web page where the image download is available and enter that URL link in the *Import via URL (creates PVC)* field. Example: For a Red Hat Enterprise Linux image, log on to the Red Hat Customer Portal, access the image download page, and copy the download link URL for the KVM guest image.
+|Import content from an image available from an HTTP or HTTPS endpoint. Obtain the download link URL from the web page where the image download is available and enter that URL link in the *Import via URL (creates PVC)* field. Example: For a Red Hat Enterprise Linux image, log on to the Red Hat Customer Portal, access the image download page, and copy the download link URL for the KVM guest image.
 
 |Clone existing PVC (creates PVC)
 |Use a PVC that is already available in the cluster and clone it.
diff --git a/modules/virt-vm-wizard-fields-web.adoc b/modules/virt-vm-wizard-fields-web.adoc
@@ -57,7 +57,7 @@ endif::[]
 
 .4+|Boot Source
 |Import via URL (creates PVC)
-|Import content from an image available from an *HTTP* or *S3* endpoint. Example: Obtaining a URL link from the web page with the operating system image.
+|Import content from an image available from an HTTP or HTTPS endpoint. Example: Obtaining a URL link from the web page with the operating system image.
 
 |Clone existing PVC (creates PVC)
 |Select an existent persistent volume claim available on the cluster and clone it.
diff --git a/virt/virtual_machines/importing_vms/virt-importing-virtual-machine-images-datavolumes-block.adoc b/virt/virtual_machines/importing_vms/virt-importing-virtual-machine-images-datavolumes-block.adoc
@@ -1,6 +1,6 @@
 :_content-type: ASSEMBLY
 [id="virt-importing-virtual-machine-images-datavolumes-block"]
-= Importing virtual machine images to block storage with data volumes
+= Importing virtual machine images into block storage with data volumes
 include::_attributes/common-attributes.adoc[]
 :context: virt-importing-virtual-machine-images-datavolumes-block
 
diff --git a/virt/virtual_machines/importing_vms/virt-tls-certificates-for-dv-imports.adoc b/virt/virtual_machines/importing_vms/virt-tls-certificates-for-dv-imports.adoc
@@ -7,4 +7,5 @@ include::_attributes/common-attributes.adoc[]
 toc::[]
 
 include::modules/virt-adding-tls-certificates-for-authenticating-dv-imports.adoc[leveloffset=+1]
+
 include::modules/virt-example-configmap-tls-certificate.adoc[leveloffset=+1]
