Bug 1343423

Summary: [RFE]Should give a better description about 'curl error 22' when failed using ssh identity http url at p2v client
Product: Red Hat Enterprise Linux 7 Reporter: mxie <mxie>
Component: libguestfsAssignee: Richard W.M. Jones <rjones>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.3CC: juzhou, mzhan, ptoscano, tzheng, xiaodwan
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: P2V
Fixed In Version: libguestfs-1.32.5-4.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-03 18:01:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
curl error 22
none
p2v-curl-errors.png none

Description mxie@redhat.com 2016-06-07 10:08:04 UTC 
Created attachment 1165567 [details]
curl error 22

Description of problem:
[RFE]Should give a better description about 'curl error 22' when failed using ssh identity http url at p2v client


Version-Release number of selected component (if applicable):
virt-p2v-1.32.5-2.el7.iso
virt-v2v-1.32.5-2.el7.x86_64
libguestfs-1.32.5-2.el7.x86_64



How reproducible:
100%

Steps to Reproduce:
1.Check ssh identity info at virt-p2v manual page
#man virt-p2v
SSH IDENTITIES

SSH identity downloaded from a website. In the GUI, use:

 │          Password: [    <leave this field blank>       ] │
 │                                                          │
 │  SSH Identity URL: [https://internal.example.com/id_rsa] │

or on the kernel command line:

 p2v.identity=https://internal.example.com/id_rsa

Anyone could still download the private key and use it to log in to the virt-v2v conversion server, but you could provide some extra security by configuring the web server to only allow connections from P2V machines.


2.Create a key pair which must have an empty passphrase and let public key append to the authorized_keys file at conversion server 

2.1#ssh-keygen -t rsa -N '' -f id_rsa

2.2#scp id_rsa.pub /root/.ssh/authorized_keys

3.Put the id_rsa at available website, such as http://pan.baidu.com/s/1qXFPzZm, 

4.Boot the machine into p2v client via iso

5.At inputting conversion server info interface, input conversion ip and username and then input id_rsa http url at ssh identity url, then the connection failed with error: curl error 22, pls refer to screenshot 'curl error 22', but the failed reason is not very clear
 


Actual results:
As above description

Expected results:
Should give a better description about 'curl error 22' when failed to use ssh identity http url to connect conversion server at p2v client
 

Additional info:
Comment 2 Richard W.M. Jones 2016-06-07 13:53:16 UTC 
I pushed this change which displays the full error message from
curl on failed downloads of the SSH identify URL.

https://github.com/libguestfs/libguestfs/commit/0e0a350c02b9c4d7a4108d2743ee1a61ce88a1f1
Comment 3 Richard W.M. Jones 2016-06-07 13:54:36 UTC 
Created attachment 1165659 [details]
p2v-curl-errors.png

This shows what the error looks like in the case of a 403 Forbidden
error of the type seen in bug 1343414.

That's basically all the information that curl gives us.
Comment 5 mxie@redhat.com 2016-06-23 10:05:39 UTC 
I can reproduce the bug on build:
virt-p2v-1.32.5-2.el7

Try to verify the bug with build:
virt-p2v-1.32.5-5.el7

Steps:
1.Create a key pair which must have an empty passphrase and let public key append to the authorized_keys file at conversion server 
1.1#ssh-keygen -t rsa -N '' -f id_rsa
1.2#scp id_rsa.pub /root/.ssh/authorized_keys

2.Mount the website to local
mount 10.73.194.27:/vol/S3/libvirtmanual/mxie /mnt

3.Copy the key to website
#cp id_rsa /mnt

4.Don't Change mode of the key, id_rsa has default mode: 0600
#ll /mnt
-rw-------. 1 root root       1675 Jun 24  2016 id_rsa

5.Boot the machine into p2v client via iso

6.At inputting conversion server info interface, input conversion ip and username and then input id_rsa http url at ssh identity url as http://fileshare.englab.nay.redhat.com/pub/section3/libvirtmanual/mxie/id_rsa 

Result now:
The error shows:http://fileshare.englab.nay.redhat.com/pub/section3/libvirtmanual/mxie/id_rsa:curl:(22)the requested URL returned error:403 Forbidden after step6.so the error reason is easy to understand now

So move the bug from ON_QA to VERIFIED
Comment 7 errata-xmlrpc 2016-11-03 18:01:32 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2576.html