Bug 1343423 - [RFE]Should give a better description about 'curl error 22' when failed using ssh identity http url at p2v client
Summary: [RFE]Should give a better description about 'curl error 22' when failed using...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libguestfs
Version: 7.3
Hardware: x86_64
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Richard W.M. Jones
QA Contact: Virtualization Bugs
URL:
Whiteboard: P2V
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-06-07 10:08 UTC by mxie@redhat.com
Modified: 2016-11-03 18:01 UTC (History)
5 users (show)

Fixed In Version: libguestfs-1.32.5-4.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-03 18:01:32 UTC
Target Upstream Version:


Attachments (Terms of Use)
curl error 22 (112.63 KB, image/png)
2016-06-07 10:08 UTC, mxie@redhat.com
no flags Details
p2v-curl-errors.png (17.08 KB, image/png)
2016-06-07 13:54 UTC, Richard W.M. Jones
no flags Details


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2576 0 normal SHIPPED_LIVE Moderate: libguestfs and virt-p2v security, bug fix, and enhancement update 2016-11-03 12:06:51 UTC

Description mxie@redhat.com 2016-06-07 10:08:04 UTC
Created attachment 1165567 [details]
curl error 22

Description of problem:
[RFE]Should give a better description about 'curl error 22' when failed using ssh identity http url at p2v client


Version-Release number of selected component (if applicable):
virt-p2v-1.32.5-2.el7.iso
virt-v2v-1.32.5-2.el7.x86_64
libguestfs-1.32.5-2.el7.x86_64



How reproducible:
100%

Steps to Reproduce:
1.Check ssh identity info at virt-p2v manual page
#man virt-p2v
SSH IDENTITIES

SSH identity downloaded from a website. In the GUI, use:

 │          Password: [    <leave this field blank>       ] │
 │                                                          │
 │  SSH Identity URL: [https://internal.example.com/id_rsa] │

or on the kernel command line:

 p2v.identity=https://internal.example.com/id_rsa

Anyone could still download the private key and use it to log in to the virt-v2v conversion server, but you could provide some extra security by configuring the web server to only allow connections from P2V machines.


2.Create a key pair which must have an empty passphrase and let public key append to the authorized_keys file at conversion server 

2.1#ssh-keygen -t rsa -N '' -f id_rsa

2.2#scp id_rsa.pub /root/.ssh/authorized_keys

3.Put the id_rsa at available website, such as http://pan.baidu.com/s/1qXFPzZm, 

4.Boot the machine into p2v client via iso

5.At inputting conversion server info interface, input conversion ip and username and then input id_rsa http url at ssh identity url, then the connection failed with error: curl error 22, pls refer to screenshot 'curl error 22', but the failed reason is not very clear
 


Actual results:
As above description

Expected results:
Should give a better description about 'curl error 22' when failed to use ssh identity http url to connect conversion server at p2v client
 

Additional info:

Comment 2 Richard W.M. Jones 2016-06-07 13:53:16 UTC
I pushed this change which displays the full error message from
curl on failed downloads of the SSH identify URL.

https://github.com/libguestfs/libguestfs/commit/0e0a350c02b9c4d7a4108d2743ee1a61ce88a1f1

Comment 3 Richard W.M. Jones 2016-06-07 13:54:36 UTC
Created attachment 1165659 [details]
p2v-curl-errors.png

This shows what the error looks like in the case of a 403 Forbidden
error of the type seen in bug 1343414.

That's basically all the information that curl gives us.

Comment 5 mxie@redhat.com 2016-06-23 10:05:39 UTC
I can reproduce the bug on build:
virt-p2v-1.32.5-2.el7

Try to verify the bug with build:
virt-p2v-1.32.5-5.el7

Steps:
1.Create a key pair which must have an empty passphrase and let public key append to the authorized_keys file at conversion server 
1.1#ssh-keygen -t rsa -N '' -f id_rsa
1.2#scp id_rsa.pub /root/.ssh/authorized_keys

2.Mount the website to local
mount 10.73.194.27:/vol/S3/libvirtmanual/mxie /mnt

3.Copy the key to website
#cp id_rsa /mnt

4.Don't Change mode of the key, id_rsa has default mode: 0600
#ll /mnt
-rw-------. 1 root root       1675 Jun 24  2016 id_rsa

5.Boot the machine into p2v client via iso

6.At inputting conversion server info interface, input conversion ip and username and then input id_rsa http url at ssh identity url as http://fileshare.englab.nay.redhat.com/pub/section3/libvirtmanual/mxie/id_rsa 

Result now:
The error shows:http://fileshare.englab.nay.redhat.com/pub/section3/libvirtmanual/mxie/id_rsa:curl:(22)the requested URL returned error:403 Forbidden after step6.so the error reason is easy to understand now

So move the bug from ON_QA to VERIFIED

Comment 7 errata-xmlrpc 2016-11-03 18:01:32 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2576.html


Note You need to log in before you can comment on or make changes to this bug.