ovirt-image-daemon
==================

Overview
--------

ovirt-image-daemon provides direct access to oVirt disks using HTTPS
protocol.  Together with ovirt-image-proxy, it allows uploading a disk
image directly into an oVirt disk, downloading an oVirt disk, or
performing random I/O.

The goal is to keep ovirt-image-daemon simple as possible. We use a
single protocol (HTTP) for everything, and avoid dependencies on Vdsm.

This daemon provides these serices:

- images service    read and write data to/from images. This service is
                    available via HTTPS on port 54322. This service is
                    accessed by ovirt-image-proxy or directly by
                    clients.

- tickets service   manage tickets authorizing images service
                    operations. Available localy via HTTP over unix
                    domain socket. Vdsm is using this service to add,
                    remove, and extend tickets per ovirt-engine
                    request.

- progress service  report progress for ongoing images operations.
                    Available locally via HTTP over unix domain socket.
                    Vdsm will access this to report progress to Engine.


Image session flow (interactive)
--------------------------------

In this flow, client is Engine UI via a browser.

- Client starts an image session using oVirt REST API.
- Engine creates access token for ovirt-image-proxy and session token
  for vdsm-imgaged.
- Engine ask Vdsm to prepare image.
- Engine ask Vdsm to add a ticket for accessing image.
- Vdsm adds ticket to ovirt-image-daemon.
- Engine returns signed access token and session token to client,
  including ovirt-image-proxy connection details.
- Client performs authenticate with ovirt-image-proxy using the signed
  access token.
- Client perform image operations with ovirt-image-proxy, using the
  session token.
- ovirt-image-proxy relay image operations to ovirt-image-daemon with
  the session token.
- When client is done, it ends the session using engine REST API.
- Engine ask vdsm to revoke the ticket.
- Vdsm deletes session from ovirt-image-daemon.
- Engine ask vdsm to tear down the image.


Image session flow (non-interactive)
------------------------------------

This flow is possible only if client has access to the host network.
This may be relevant for automating data center image operations.

- Client starts an image session using oVirt REST API.
- Engine creates session token for vdsm-imgaged.
- Engine ask Vdsm to prepare image.
- Engine ask Vdsm to add a ticket for accessing image.
- Engine returns session token to client
- Client perform image operations with ovirt-image-daemon, using the
  session token.
- When client is done, it ends the session using engine REST API.
- Engine ask vdsm to revoke the ticket.
- Vdsm deletes session from ovirt-image-daemon.
- Engine ask vdsm to tear down the image.

Tickets are ephemeral; A client needs to request Engine to renew the
ticket from time to time, otherwise a ticket will expire and the
ongoing image operations will be aborted.

Tickets are not persisted. In case of ovirt-image-daemon crash or
reboot, Engine will provide a new ticket and possibly point client to
another host to continue the operation.


ovirt-image-daemon API
----------------------

Write me
