Bug 1884979

Summary: [v2v][Doc][VMware to CNV VM import API] Please add details on "thumbprint" in the VMware "Secret"
Product: Container Native Virtualization (CNV) Reporter: Ilanit Stein <istein>
Component: V2V Assignee: Sam Lucidi <slucidi>
Status: CLOSED ERRATA QA Contact: Ilanit Stein <istein>
Severity: high Docs Contact:
Priority: medium    
Version: 2.5.0 CC: cnv-qe-bugs, fdupont
Target Milestone: ---   
Target Release: 2.5.2   
Hardware: Unspecified   
OS: Unspecified   
Last Closed: 2020-12-16 00:16:58 UTC Type: Bug

Description Ilanit Stein 2020-10-04 09:23:24 UTC
Document:
https://github.com/kubevirt/vm-import-operator/blob/master/docs/design.md#vmware-secret-example

Description of problem:
1. Please add details on how to fetch the VMware "thumbprint".
2. Emphasize that ":" should separate the numbers and not spaces.

This value should be provided as part of VMware Secret:

cat <<EOF | oc create -f -
---
apiVersion: v1
kind: Secret
metadata:
 name: vmw-secret
type: Opaque
stringData:
 vmware: |-
   # API URL of the vCenter or ESXi host
   apiUrl: "https://<Vcenter IP address>/sdk"
   # Username provided in the format of username@domain.
   username: <username>
   password: <password>
   # The certificate thumbprint of the vCenter or ESXi host, in colon-separated hexadecimal octets.
   thumbprint: 31:14:..   # <===== thumbprint
EOF

Version-Release number of selected component (if applicable):
CNV-2.5

Additional info:
The thumbprint is the SHA-1 fingerprint of the vCenter's SSL certificate.
You could get it from your web browser by clicking the lock in the URL bar and clicking through to the certificate details.
It needs to be formatted as 31:14:EB:9E etc.
It will not work with the spaces.
It would complain of being unable to initialize the provider if the fingerprint was bad.

Comment 1 Fabien Dupont 2020-10-07 07:27:54 UTC
Finding the UUID is pretty much out of scope. A VMware administrator should be able to help.

However, I agree that it would be better to explain how to retrieve it, maybe as a note under the example.
And I prefer solutions based on command line. Creating a CR is for advanced users, so they should be fine with command line.
Here is the openssl command to get it, already in colon-separated hexadecimal octets format:

$ openssl s_client -connect esx13.v2v.bos.redhat.com:443 < /dev/null 2>/dev/null | openssl x509 -fingerprint -sha1 -noout -in /dev/stdin | cut -d '=' -f 2
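
Added example, not part of the original comment or of the vm-import-operator docs: a shell helper that converts a SHA-1 fingerprint, as copied from a browser (space-separated) or as printed by the openssl command above, into the colon-separated form the Secret needs, and rejects anything that is not 20 hex octets. The function names and the sample fingerprint are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: normalise a SHA-1 certificate fingerprint for the
# "thumbprint" field of the VMware Secret. Names here are hypothetical.

normalize_thumbprint() {
    # Drop an optional "SHA1 Fingerprint=" prefix as printed by openssl x509.
    _tp_raw="${1##*=}"
    # Remove separators (spaces, colons, dashes, newlines), upper-case the hex.
    _tp_hex=$(printf '%s' "$_tp_raw" | tr -d ' :\t\r\n-' | tr 'a-f' 'A-F')
    # Anything left that is not a hex digit means the input was not a fingerprint.
    case "$_tp_hex" in
        *[!0-9A-F]*)
            echo "thumbprint: non-hex characters in input" >&2
            return 1 ;;
    esac
    # SHA-1 is 20 octets, so exactly 40 hex digits must remain.
    if [ "${#_tp_hex}" -ne 40 ]; then
        echo "thumbprint: expected 40 hex digits (SHA-1), got ${#_tp_hex}" >&2
        return 1
    fi
    # Re-insert ':' between octets and drop the trailing one.
    printf '%s\n' "$_tp_hex" | sed 's/../&:/g; s/:$//'
}

# Fetch the certificate from host:port with the command from the comment
# above and normalise the result. If the connection fails, openssl prints
# nothing and normalize_thumbprint reports the error instead of emitting
# an empty value.
thumbprint_from_host() {
    _tp_out=$(openssl s_client -connect "$1" </dev/null 2>/dev/null |
        openssl x509 -fingerprint -sha1 -noout 2>/dev/null)
    normalize_thumbprint "$_tp_out"
}

# Constructed sample: a fingerprint pasted from a browser dialog, with spaces.
normalize_thumbprint "aa bb cc dd ee ff 00 11 22 33 44 55 66 77 88 99 aa bb cc dd"
```

A fingerprint read over the network is only as trustworthy as that connection, so compare it with the value the VMware administrator reports before putting it in the Secret.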

Comment 2 Fabien Dupont 2020-10-07 07:36:18 UTC
I meant, "finding the thumbprint".

Comment 3 Fabien Dupont 2020-10-13 14:50:25 UTC
Moving to 2.5.1 as it is an upstream doc RFE.

Comment 5 Ilanit Stein 2020-12-01 09:29:06 UTC
Verified on latest master doc: https://github.com/kubevirt/vm-import-operator/blob/master/docs/design.md

Comment 11 errata-xmlrpc 2020-12-16 00:16:58 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Virtualization 2.5.2 Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:5560