1340809 – Testing connection timeout when input regular user of conversion server with checked "use sudo......"button

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1340809 - Testing connection timeout when input regular user of conversion server with checked "use sudo......"button

Summary: Testing connection timeout when input regular user of conversion server with ...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	libguestfs
Sub Component:
Version:	7.3
Hardware:	x86_64
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Richard W.M. Jones
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:	P2V
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-05-30 10:41 UTC by keanli
Modified:	2016-11-03 18:00 UTC (History)
CC List:	7 users (show)
Fixed In Version:	libguestfs-1.32.5-6.el7
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-11-03 18:00:29 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
screenshot for virt-p2v_client (78.54 KB, image/jpeg) 2016-05-30 10:43 UTC, keanli	no flags	Details
without_sudo selected (4.31 KB, text/plain) 2016-05-30 10:58 UTC, keanli	no flags	Details
with_sudo_selected (4.31 KB, text/plain) 2016-05-30 11:02 UTC, keanli	no flags	Details
png-1 (108.96 KB, image/png) 2016-06-23 07:50 UTC, zhoujunqin	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2016:2576	0	normal	SHIPPED_LIVE	Moderate: libguestfs and virt-p2v security, bug fix, and enhancement update	2016-11-03 12:06:51 UTC

Description keanli 2016-05-30 10:41:31 UTC

Description of problem:
Testing connection timeout when input regular user of conversion server with checked "use sudo......"button 

Version-Release number of selected component (if applicable):
libguestfs-1.32.4-2.el7.x86_64
virt-v2v-1.32.4-2.el7.x86_64
virt-p2v-1.32.4-1.el7.iso


How reproducible:
100%

Steps to Reproduce:
1.Boot the source machine into p2v client via iso
2.Input the correct ip and REGULAR user with correct password of conversion server 
3.Select the "Use sudo when running virt-v2v"button 
4.Click the "Test connection" button
5.Get the error:timeout waiting for virt-v2v --version output.Please check the screenshot in attachment

Actual results:
As above step 5

Expected results:
It's should be testing connection successfully, the "Next"button will available

Additional info:
1.It's also can reproduce on virt-p2v-1.28.1-1.51.3.el7.1
2.If unselect the "Use sudo when running virt-v2v " with regular user ,it's will testing connection successfully.The "Next "button will available 
3.Try to convert it without "use sudo when running virt-v2v " select failed, please check the log "without_sudo "
4.Try to convert it with "use sudo when running virt-v2v " select failed, please check the log "with_sudo "

Comment 1 keanli 2016-05-30 10:43:59 UTC

Created attachment 1162772 [details]
screenshot for virt-p2v_client

Comment 2 keanli 2016-05-30 10:58:57 UTC

Created attachment 1162775 [details]
without_sudo selected

Comment 3 keanli 2016-05-30 11:02:12 UTC

Created attachment 1162776 [details]
with_sudo_selected

Comment 5 Pino Toscano 2016-05-30 15:51:15 UTC

The "Use sudo when running virt-v2v" checkbox means that it will try to run "sudo virt-v2v --version" instead of "virt-v2v --version" on the conversion server, after a successful SSH login.

Login to the conversion server with the same credentials shown in attachment 1162772 [details] and try to run "sudo virt-v2v --version", do you get something like:

  $ sudo whoami
  [sudo] password for kean: 

with the prompt that waits for your password?  If so, then we can just pass -n/--non-interactive to sudo, so it will error out immediately in this case, instead of waiting for a password input.

Comment 6 keanli 2016-05-31 09:29:55 UTC

(In reply to Pino Toscano from comment #5)
> The "Use sudo when running virt-v2v" checkbox means that it will try to run
> "sudo virt-v2v --version" instead of "virt-v2v --version" on the conversion
> server, after a successful SSH login.
> 
> Login to the conversion server with the same credentials shown in attachment
> 1162772 [details] and try to run "sudo virt-v2v --version", do you get
> something like:
> 
>   $ sudo whoami
>   [sudo] password for kean: 
> 
> with the prompt that waits for your password?  If so, then we can just pass
> -n/--non-interactive to sudo, so it will error out immediately in this case,
> instead of waiting for a password input.
Update check manual page for this bug 
1.Check the manual page for virt-p2v
#man virt-p2v
......
Normally you must log in to the conversion server as root, but if you
       check the following box:

        |                                                        |
        |                    [ ] Use sudo when running virt-v2v  |
        |                                                        |

       then you can log in as another user, and virt-p2v will use the
       sudo(8) command to elevate privileges to root.  Note that sudo must
       not require a password.
......
Follow your steps do the testing:
yes, I can meet need request password as your said

Comment 7 Pino Toscano 2016-05-31 10:08:46 UTC

Thanks for testing -- patch posted:
  https://www.redhat.com/archives/libguestfs/2016-May/msg00247.html

Comment 8 Pino Toscano 2016-05-31 10:46:07 UTC

Fixed with
https://github.com/libguestfs/libguestfs/commit/603f4f1c230a459462e4fddb0ab7a766ae2f6199
which is in libguestfs >= 1.33.33.

Comment 10 zhoujunqin 2016-06-23 03:51:44 UTC

I can reproduce this issue with build:
virt-p2v-1.32.4-3.el7.iso

Then try to verify this bug with new build:
virt-p2v-1.32.5-5.el7.iso

Steps:
1.Boot the source machine into p2v client via iso
2.After virt-p2v client launched, fill information items:
 Conversion server: 10.66.71.81

3.Select the "Use sudo when running virt-v2v"button 
4.Click the "Test connection" button
5.Get the error:timeout waiting for virt-v2v --version output.Please check the

Comment 11 zhoujunqin 2016-06-23 03:52:59 UTC

I'm so sorry about wrong operation, please ignore Comment 10, thanks.

Comment 12 zhoujunqin 2016-06-23 07:50:08 UTC

I can reproduce this issue with build:
virt-p2v-1.32.4-3.el7.iso

Then try to verify this bug with new build:
virt-p2v-1.32.5-5.el7.iso

Steps:

Scenario-1 non-root user run sudo without password
steup:
a. login in conversion with root user, then configure file /etc/sudoers to add user 'juzhou' in sudoers file and can run sudo without password
# vim /etc/sudoers
...
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
juzhou ALL=(ALL) NOPASSWD: ALL<-----Add this line, then save file.
...

b. Login conversion server with 'juzhou' again and check modification take effects.
$ sudo whoami
root

1.1 Boot the source machine into p2v client via iso
1.2 After virt-p2v client launched, fill information as following:
Conversion server: 10.66.71.81 : 22
User name:juzhou(a non-root user)
Password:******
1.3 Check "Use sudo when running virt-v2v" button
1.4 Press "Test connection" button

Result:
1. After 'Test connection' finished, we can see message:
Connected to the conversion server.
Press the "Next" button to configure the conversion process.

Then we can press "Next" button to continue.

Scenario-2 non-root user run sudo with password
$ sudo whoami
[sudo] password for juzhou:
juzhou is not in the sudoers file. This incident will be reported.

2.1 Boot the source machine into p2v client via iso
2.2 After virt-p2v client launched, fill information as following:
Conversion server: 10.66.71.81 : 22
User name:juzhou(a non-root user)
Password:******
2.3 Check "Use sudo when running virt-v2v" button
2.4 Press "Test connection" button

Result:
1. 'Test connection' failed with error message:
virt-v2v is not installed on the conversion server, or it might be a too old version.
Details please see png-1.

2.Check virt-v2v version by command.
# virt-v2v --version
virt-v2v 1.32.5rhel=7,release=5.el7,libvirt

In fact virt-v2v is installed in conversion server and is the latest one.

For scenario-2, the error message is not right and clear to user.

so Pino Toscano, please help me have a look of my steps, thanks.

Comment 13 zhoujunqin 2016-06-23 07:50:44 UTC

Created attachment 1171325 [details]
png-1

Comment 14 Pino Toscano 2016-06-23 08:42:14 UTC

(In reply to zhoujunqin from comment #12)
> Scenario-2 non-root user run sudo with password
> $ sudo whoami
> [sudo] password for juzhou: 
> juzhou is not in the sudoers file.  This incident will be reported.
> 
> 2.1 Boot the source machine into p2v client via iso
> 2.2 After virt-p2v client launched, fill information as following:
> Conversion server: 10.66.71.81 : 22
> User name:juzhou(a non-root user)
> Password:******
> 2.3 Check "Use sudo when running virt-v2v" button 
> 2.4 Press "Test connection" button
> 
> Result:
> 1. 'Test connection' failed with error message:
> virt-v2v is not installed on the conversion server, or it might be a too old
> version.
> Details please see png-1.
> 
> 2.Check virt-v2v version by command.
> # virt-v2v --version
> virt-v2v 1.32.5rhel=7,release=5.el7,libvirt
> 
> In fact virt-v2v is installed in conversion server and is the latest one.
> 
> For scenario-2, the error message is not right and clear to user.
> 
> so Pino Toscano, please help me have a look of my steps, thanks.

The steps I see are correct -- OTOH you are describing a new bug, that the error message in this case is not clear.  The original issue in this bug (connection timing out) looks solved to me.

Can you please file a new bug for the unclear error message? Thanks.

Comment 15 Richard W.M. Jones 2016-06-23 08:46:57 UTC

What is happening in comment 12 scenario 2:

virt-p2v logs into the conversion server and tries to run

  sudo -n virt-v2v --version

This fails because sudo is not permitted without a password.  The error
message (which is hidden by virt-p2v) would be something like:

  sudo: a password is required

I will add a commit to make the error message better.

Comment 16 mxie@redhat.com 2016-06-23 08:54:59 UTC

Hi Pino,

I have some query about Scenario-1 non-root user run sudo without password
Do you mean that if customer want to use regular user in p2v client and select "Use sudo when running virt-v2v" to elevate root privileges to regular user, he must configure regular user in sudoers file at first?

Comment 17 Pino Toscano 2016-06-23 08:57:12 UTC

(In reply to mxie from comment #16)
> Do you mean that if customer want to use regular user in p2v client and
> select "Use sudo when running virt-v2v" to elevate root privileges to
> regular user, he must configure regular user in sudoers file at first?

Yes, that is correct.  It is also already mentioned in the virt-p2v manual page (see also comment #6).

Comment 18 Pino Toscano 2016-06-23 09:28:29 UTC

(In reply to Pino Toscano from comment #14)
> The steps I see are correct -- OTOH you are describing a new bug, that the
> error message in this case is not clear.

Fixed upstream with commit
https://github.com/libguestfs/libguestfs/commit/5b6a8e086264c85fb048c0eadff6c34351663133

Comment 19 zhoujunqin 2016-06-23 09:40:48 UTC

(In reply to Pino Toscano from comment #18)
> (In reply to Pino Toscano from comment #14)
> > The steps I see are correct -- OTOH you are describing a new bug, that the
> > error message in this case is not clear.
> 
> Fixed upstream with commit
> https://github.com/libguestfs/libguestfs/commit/
> 5b6a8e086264c85fb048c0eadff6c34351663133

Hi Pino
I have filed a bug for this problem,https://bugzilla.redhat.com/show_bug.cgi?id=1349342, thanks

Comment 20 Pino Toscano 2016-06-23 09:41:56 UTC

(In reply to zhoujunqin from comment #19)
> (In reply to Pino Toscano from comment #18)
> > (In reply to Pino Toscano from comment #14)
> > > The steps I see are correct -- OTOH you are describing a new bug, that the
> > > error message in this case is not clear.
> > 
> > Fixed upstream with commit
> > https://github.com/libguestfs/libguestfs/commit/
> > 5b6a8e086264c85fb048c0eadff6c34351663133
> 
> Hi Pino
> I have filed a bug for this
> problem,https://bugzilla.redhat.com/show_bug.cgi?id=1349342, thanks

Thank you.

Comment 22 zhoujunqin 2016-06-27 09:00:32 UTC

Try to verify this bug again with build:
virt-p2v-1.32.5-6.el7.iso


Steps:

Environment setup: To enable non-root user sudo is permitted without a password

a. login in conversion with root user, then configure file /etc/sudoers to add user 'juzhou' in sudoers file and can run sudo without password
# vim /etc/sudoers
...
## Allow root to run any commands anywhere 
root    ALL=(ALL)       ALL
juzhou    ALL=(ALL)       NOPASSWD: ALL<-----Add this line, then save file.
...

b. Login conversion server with 'juzhou' again and check modification take effects.
$ sudo whoami
root

1. Boot the source machine into p2v client via iso
2. After virt-p2v client launched, fill information as following:
Conversion server: 10.66.xx.xx : 22
User name:juzhou(a non-root user)
Password:******
3. Check "Use sudo when running virt-v2v" button 
4. Press "Test connection" button

Result: 
After 'Test connection' finished, we can see message:
Connected to the conversion server.
Press the "Next" button to configure the conversion process.

No timeout showing during testing connection,then we can press "Next" button to continue and conversion will finish with no error.

So move this bug from ON_QA to VERIFIED.

Comment 25 errata-xmlrpc 2016-11-03 18:00:29 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2576.html

Note You need to log in before you can comment on or make changes to this bug.