Bug 2181234
| Summary: | Set administrator@vsphere.local as default username when connect VMware source by virsh | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | mxie <mxie> |
| Component: | libvirt | Assignee: | Michal Privoznik <mprivozn> |
| libvirt sub component: | General | QA Contact: | mxie <mxie> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | low | ||
| Priority: | low | CC: | chhu, hongzliu, jdenemar, juzhou, lersek, lmen, mprivozn, rjones, tyan, tzheng, virt-maint, vwu, xiaodwan |
| Version: | 9.3 | Keywords: | Triaged, Upstream |
| Target Milestone: | rc | Flags: | pm-rhel:
mirror+
|
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | libvirt-9.2.0-1.el9 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-11-07 08:31:00 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | 9.2.0 |
| Embargoed: | |||
It's my understanding that the '@vsphere.local' is configured during esx installation, is that correct? I couldn't find more info in the docs, unfortunately. I'm not against changing the default, I just want to have something to refer to in the commit message. (Repeating my comments here, from the email discussion between Ming Xie and myself.) The proper username in this context is "administrator@<Single-Sign-On-Domain>". <Single-Sign-On-Domain> is something you specify when you install the vsphere server (not esx (the base kernel + hypervisor), but vsphere (the management guest)). By default, <Single-Sign-On-Domain> is "vsphere.local". Therefore, the username should default to "administrator". Even if the user set up a different single-sign-on-domain name, when installing vsphere, the *format* of the default will indicate that they need to enter the @<Single-Sign-On-Domain> suffix as well! This is actually pretty relevant, because someone not familiar with vsphere particulars will struggle to construct the proper user name (there are many possibilities, unfortunately -- the esxi + vsphere installation processes deal with multiple usernames). Personally I struggled for a long time until I managed to set up vsphere *and* fill in the username properly. The default username (currently: "administrator", which we do not like) comes from the esxConnectToVCenter() function in "src/esx/esx_driver.c" file. (In reply to Michal Privoznik from comment #1) > It's my understanding that the '@vsphere.local' is configured during esx > installation, is that correct? I couldn't find more info in the docs, > unfortunately. I'm not against changing the default, I just want to have > something to refer to in the commit message. As Laslzo said, <Single-Sign-On-Domain> must be configured during installation of vCenter server for username 'administrator' and vsphere.local is the default setting, please refer to the screenshot, so administrator is not the correct username, better change it serves as administrator Patch posted on the list: https://listman.redhat.com/archives/libvir-list/2023-March/239008.html Merged upstream as:
commit d05ad0f15e737fa2327dd68870a485821505b58f
Author: Michal Prívozník <mprivozn>
AuthorDate: Fri Mar 24 12:03:28 2023 +0100
Commit: Michal Prívozník <mprivozn>
CommitDate: Fri Mar 24 14:44:54 2023 +0100
esx: Change the default username when connecting to VCenter
While it's true that the default username is:
administrator@${SSO-Domain}
in majority of cases the ${SSO-Domain} is "vsphere.local". But
our code (and what virsh displays then) says it's just
"administrator".
This is wrong also from a different POV: the username must
contain the suffix no matter what and our default suggests
otherwise.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2181234
Signed-off-by: Michal Privoznik <mprivozn>
Reviewed-by: Martin Kletzander <mkletzan>
v9.1.0-287-gd05ad0f15e
Test the bug with libvirt-client-9.2.0-1.el9.x86_64
Steps:
1.Use virsh to connect VMware source without setting username
# virsh -c vpx://10.73.212.149/data/10.73.212.36/?no_verify=1
Enter username for 10.73.212.149 [administrator]:
Enter administrator's password for 10.73.212.149:
Welcome to virsh, the virtualization interactive terminal.
Type: 'help' for help with commands
'quit' to quit
virsh #
Result:
The bug has been fixed
Are there implications for virt-v2v? I think we always use the default libvirt name, unless it is overridden in the URI supplied to the 'virt-v2v -ic' option. I'm assuming this change was made because of some virt-v2v problem, but I don't see any linked bugs ... (In reply to Richard W.M. Jones from comment #8) > Are there implications for virt-v2v? I think we always use the default > libvirt name, unless it is overridden in the URI supplied to the 'virt-v2v > -ic' option. > > I'm assuming this change was made because of some virt-v2v problem, but I > don't see any linked bugs ... Note I'm not objecting to the libvirt change. Verify the bug with libvirt-client-9.3.0-2.el9.x86_64
Steps:
1.Use virsh to connect VMware source without setting username
# virsh -c vpx://10.73.212.149/data/10.73.212.36/?no_verify=1
Enter username for 10.73.212.149 [administrator]:
Enter administrator's password for 10.73.212.149:
Welcome to virsh, the virtualization interactive terminal.
Type: 'help' for help with commands
'quit' to quit
virsh #
Result:
No problem found, move the bug to verified status
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: libvirt security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2023:6409 |
Description of problem: Set administrator as default username when connect VMware source by virsh Version-Release number of selected component (if applicable): libvirt-client-9.1.0-1.el9.x86_64 qemu-img-7.2.0-14.el9_2.x86_64 How reproducible: 100% Steps to Reproduce: 1.Use virsh to connect VMware source without setting username # virsh -c vpx://10.73.212.149/data/10.73.212.36/?no_verify=1 Enter username for 10.73.212.149 [administrator]: administrator Enter administrator's password for 10.73.212.149: Welcome to virsh, the virtualization interactive terminal. Type: 'help' for help with commands 'quit' to quit virsh # Actual results: Currently, virsh use administrator as default username to connect VMware source Expected results: As above description Additional info: