Bug 671094

Summary: Cannot convert VM to libvirt with non-root user
Product: Red Hat Enterprise Linux 6 Reporter: Rita Wu <rwu>
Component: virt-v2vAssignee: Matthew Booth <mbooth>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: low    
Version: 6.1CC: cwei, mshao, qguan, rjones, tzheng, whuang, yupzhang
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: virt-v2v-0.8.2-2.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-12-06 15:07:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Rita Wu 2011-01-20 10:08:36 UTC 
Description of problem:
Cannot convert ESX VM to libvirt with non-root user and /home/$non-root/.netrc. If it is the expected result, then the manual page should be updated to emphasis this and also the path of netrc should be changed to root/.netrc. 

man virt-v2v:
virt-v2v supports password authentication when connecting to ESX. It reads passwords from $HOME/.netrc.

Version-Release number of selected component (if applicable):
virt-v2v-0.7.0-1.el6.x86_64
libguestfs-1.7.17-11.el6.x86_64
libguestfs-tools-1.7.17-11.el6.x86_64
libvirt-0.8.7-2.el6.x86_64


How reproducible:
always

Steps to Reproduce:

1. Create ~/.netrc with non-root user and set permission to 600
[root@dhcp-66-92-183 /]# su - wll
[wll@dhcp-66-92-183 ~]$ ll ~/.netrc 
-rw-------. 1 wll wll 51 Jan 14 13:56 /home/wll/.netrc

2. Convert an ESX VM to libvirt pool with non-root user 

[wll@dhcp-66-92-183 ~]$ virsh pool-list --all
Name                 State      Autostart 
-----------------------------------------
dir_pool             active     no        

[wll@dhcp-66-92-183 ~]$ virt-v2v -ic esx://10.66.72.149/?no_verify=1 -op dir_pool ESX4.0-rhel5u6-64b
virt-v2v: Failed to connect to qemu:///system: libvirt error code: 45, message: authentication failed



  
Actual results:
Fail to connect to ESX server.

Expected results:
Emphasis only root user can convert ESX VM to libvirt in man virt-v2v  or convert successfully with non-root user 



Additional info:
V2V can connect to ESX server with root user and /root/.netrc. 

[root@dhcp-66-92-183 /]# ll ~/.netrc 
-rw-------. 1 root root 53 Dec  2 13:59 /root/.netrc
[root@dhcp-66-92-183 /]# virt-v2v -ic esx://10.66.72.149/?no_verify=1 -o rhev -osd 10.66.90.115:/vol/v2vrwu1/xen_export ESX4.0-rhel5u6-64b
Guessing terminal width due to problem with Term::ReadKey
terminal width 50 too small for bar; defaulting to 10
ESX4.0-rhel5u6-64b_ESX4.0-rhel5u6-64b:   2% [= *       ]7m20s Left^Cvirt-v2v: Received signal INT. Exiting.
Comment 2 Matthew Booth 2011-02-11 11:04:37 UTC 
I don't think this has anything to do with ESX. I believe this would be the behaviour when converting any guest to this target.

Note that the libvirt connection which is failing is to qemu:///system, which is the local system connection. No error is given about the esx connection, which I would expect to succeed.

In order to do this as non-root, you'd need to change the output connection type to qemu:///session, and write to a pool defined against the local session which the current user has write access to. This scenario is currently of pretty limited value, so we haven't spent much time on it.

I think we could improve the error message, but until there's capacity to test this properly I'm inclined to just continue recommending that virt-v2v is run as root.
Comment 4 Matthew Booth 2011-06-10 08:56:50 UTC 
*** Bug 701920 has been marked as a duplicate of this bug. ***
Comment 5 Matthew Booth 2011-07-28 14:35:09 UTC 
This works if you:

* Specify -oc qemu:///session
* Specify a local virt-v2v.conf with a writable location for transfer.iso
* Fudge the domain XML afterwards to specify user mode networking
Comment 6 Huang Wenlong 2011-08-01 05:34:17 UTC 
(In reply to comment #5)
> This works if you:
> 
> * Specify -oc qemu:///session
> * Specify a local virt-v2v.conf with a writable location for transfer.iso
> * Fudge the domain XML afterwards to specify user mode networking

Hi, Matt
Thanks your work around ,I can convert esx guest with -oc qemu:///session  and specify virt-v2v.conf and writable transfer.iso by normal user , I also think it will be better to improve the error message or mention it in the man page for customers.

Wenlong
Comment 7 Matthew Booth 2011-08-09 11:11:54 UTC 
This is fixed upstream is commits:

76b2fe5a0a9289bf950c082a0dccc6c7948d9642
c5234f8c5f7c9518c60b41de2a7377fcfb4c2bcd

When running as non-root, the libvirt output uri will default to qemu:///session. The transfer iso location is now also no longer configurable, and uses the default temporary directory. This means a non-root user doesn't need to specify an alternate location. Networking is still not handled gracefully, though.
Comment 9 tingting zheng 2011-08-22 07:19:15 UTC 
Verified this bug with the following packages:
virt-v2v-0.8.3-1.el6.x86_64
libguestfs-1.7.17-26.el6.x86_64
libvirt-0.9.4-4.el6.x86_64   

Steps:
1. Create ~/.netrc with non-root user and set permission to 600
[root@tzheng-rhevm ~]# su  tzheng
[tzheng@tzheng-rhevm ~]$ ll .netrc 
-rw-------. 1 tzheng tzheng 150 Aug 11 11:13 .netrc


2. Convert an ESX VM to libvirt pool with non-root user 

[tzheng@tzheng-rhevm ~]$ virsh pool-list 
Name                 State      Autostart 
-------------------------------------
tzheng-pool          active     no  
  
[tzheng@tzheng-rhevm ~]$ virt-v2v -oc qemu:///session -ic esx://10.66.72.149/?no_verify=1 -os tzheng-pool -b rhevm esx4.0-rhel5.6-x86_64
ESX4.0-rhel5u6-64b_ESX4.0-rhel5u6-64b: 100% [=====================================================================]D 0h12m56s
virt-v2v: esx4.0-rhel5.6-x86_64 configured with virtio drivers.
Comment 10 errata-xmlrpc 2011-12-06 15:07:54 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1615.html