Bug 1373710 - qemu-img: unable to create images via ftp/ftps
Summary: qemu-img: unable to create images via ftp/ftps
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm-rhev   
(Show other bugs)
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Max Reitz
QA Contact: Ping Li
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: 1375408
TreeView+ depends on / blocked
 
Reported: 2016-09-07 03:12 UTC by Han Han
Modified: 2018-03-22 03:28 UTC (History)
17 users (show)

Fixed In Version: 2.8.0
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-08-01 23:34:44 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:2392 normal SHIPPED_LIVE Important: qemu-kvm-rhev security, bug fix, and enhancement update 2017-08-01 20:04:36 UTC

Comment 1 Han Han 2016-09-07 03:15:09 UTC
The bug may block the verify of BZ1134878.

Comment 3 Ademar Reis 2016-09-07 13:44:06 UTC
This is a corner case that doesn't seem to affect layered products, so I'm deferring it to 7.4.

Would it be possible to verify Bug 1134878 without this particular use-case?

Comment 4 Max Reitz 2016-10-24 19:36:25 UTC
It seems to me the bigger problem is that you can't open FTP images at all. I'll try to fix it upstream and then we'll see how difficult a backport is.

Max

Comment 6 Ping Li 2017-01-17 09:54:59 UTC
Hi Max,
Seems qemu-img still failed to create images via ftps protocol. Could you help to check my steps?

Verify this bug on:
Host: 
kernel-3.10.0-542.el7.x86_64
qemu-kvm-rhev-2.8.0-2.el7
Test steps:
1. Setup ftp/ftps server.
2. Use qemu-img to create and get info via ftp
2.1 create external snapshot via ftp
# curl ftp://127.0.0.1/base.qcow2 --user ftpuser:redhat -o file_ftpuser
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  192k  100  192k    0     0  39.6M      0 --:--:-- --:--:-- --:--:-- 46.8M
>From server side, we get the log:
[I 2017-01-17 04:41:45] 127.0.0.1:59618-[] FTP session opened (connect)
[I 2017-01-17 04:41:45] 127.0.0.1:59618-[ftpuser] USER 'ftpuser' logged in.
[I 2017-01-17 04:41:45] 127.0.0.1:59618-[ftpuser] RETR /home/ftp/root/base.qcow2 completed=1 bytes=196688 seconds=0.002
[I 2017-01-17 04:41:45] 127.0.0.1:59618-[ftpuser] FTP session closed (disconnect).
# qemu-img create --object secret,id=sec0,data=`printf %s "redhat" | base64`,format=base64 -f qcow2 -b 'json:{"file.driver":"ftp", "file.url":"ftp://127.0.0.1/base.qcow2", "file.username":"ftpuser", "file.password-secret":"sec0"}' ftp_1.qcow2
Formatting 'ftp_1.qcow2', fmt=qcow2 size=5368709120 backing_file=json:{"file.driver":"ftp",, "file.url":"ftp://127.0.0.1/base.qcow2",, "file.username":"ftpuser",, "file.password-secret":"sec0"} encryption=off cluster_size=65536 lazy_refcounts=off refcount_bits=16
>From server side, we get the log:
[I 2017-01-17 04:42:46] 127.0.0.1:59622-[] FTP session opened (connect)
[I 2017-01-17 04:42:46] 127.0.0.1:59622-[ftpuser] USER 'ftpuser' logged in.
[I 2017-01-17 04:42:46] 127.0.0.1:59622-[ftpuser] FTP session closed (disconnect).
[I 2017-01-17 04:42:46] 127.0.0.1:59624-[] FTP session opened (connect)
[I 2017-01-17 04:42:46] 127.0.0.1:59624-[ftpuser] USER 'ftpuser' logged in.
[I 2017-01-17 04:42:46] 127.0.0.1:59624-[ftpuser] RETR /home/ftp/root/base.qcow2 completed=1 bytes=196688 seconds=0.002
[I 2017-01-17 04:42:46] 127.0.0.1:59624-[ftpuser] FTP session closed (disconnect).
# qemu-img info ftp_1.qcow2 
image: ftp_1.qcow2
file format: qcow2
virtual size: 5.0G (5368709120 bytes)
disk size: 196K
cluster_size: 65536
backing file: json:{"file.driver":"ftp", "file.url":"ftp://127.0.0.1/base.qcow2", "file.username":"ftpuser", "file.password-secret":"sec0"}
Format specific information:
    compat: 1.1
    lazy refcounts: false
    refcount bits: 16
    corrupt: false
2.2 Use anonymous to get image info via ftp:
# curl ftp://127.0.0.1/base.qcow2 -o file_anonymous
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  192k  100  192k    0     0  41.9M      0 --:--:-- --:--:-- --:--:-- 46.8M
>From server side, we get the log:
[I 2017-01-17 04:46:45] 127.0.0.1:59628-[] FTP session opened (connect)
[I 2017-01-17 04:46:45] 127.0.0.1:59628-[anonymous] USER 'anonymous' logged in.
[I 2017-01-17 04:46:45] 127.0.0.1:59628-[anonymous] RETR /home/ftp/root/base.qcow2 completed=1 bytes=196688 seconds=0.002
[I 2017-01-17 04:46:45] 127.0.0.1:59628-[anonymous] FTP session closed (disconnect).
# qemu-img info ftp://127.0.0.1/base.qcow2
image: json:{"driver": "qcow2", "file": {"url": "ftp://127.0.0.1/base.qcow2", "driver": "ftp"}}
file format: qcow2
virtual size: 5.0G (5368709120 bytes)
disk size: unavailable
cluster_size: 65536
Format specific information:
    compat: 1.1
    lazy refcounts: false
    refcount bits: 16
    corrupt: false
>From server side, we get the log:
[I 2017-01-17 04:47:06] 127.0.0.1:59632-[] FTP session opened (connect)
[I 2017-01-17 04:47:06] 127.0.0.1:59632-[anonymous] USER 'anonymous' logged in.
[I 2017-01-17 04:47:06] 127.0.0.1:59632-[anonymous] FTP session closed (disconnect).
[I 2017-01-17 04:47:06] 127.0.0.1:59634-[] FTP session opened (connect)
[I 2017-01-17 04:47:06] 127.0.0.1:59634-[anonymous] USER 'anonymous' logged in.
[I 2017-01-17 04:47:06] 127.0.0.1:59634-[anonymous] RETR /home/ftp/root/base.qcow2 completed=1 bytes=196688 seconds=0.002
[I 2017-01-17 04:47:06] 127.0.0.1:59634-[anonymous] FTP session closed (disconnect).
3. Use qemu-img to create image via ftps: 
# curl -k --ftp-ssl ftp://127.0.0.1:2222/base.qcow2 --user ftpuser:redhat -o file_ftpuser_ftps
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  192k  100  192k    0     0   861k      0 --:--:-- --:--:-- --:--:--  865k
>From server side, we get the log:
[I 2017-01-17 04:48:49] 127.0.0.1:42464-[] FTP session opened (connect)
[I 2017-01-17 04:48:49] 127.0.0.1:42464-[ftpuser] USER 'ftpuser' logged in.
[I 2017-01-17 04:48:49] 127.0.0.1:42464-[ftpuser] RETR /home/ftp/root/base.qcow2 completed=1 bytes=196688 seconds=0.031
[I 2017-01-17 04:48:49] 127.0.0.1:42464-[ftpuser] FTP session closed (disconnect).
# qemu-img create --object secret,id=sec0,data=`printf %s "redhat" | base64`,format=base64 -f qcow2 -b 'json:{"file.driver":"ftps", "file.url":"ftp://127.0.0.1:2222/base.qcow2", "file.username":"ftpuser", "file.password-secret":"sec0", "file.sslverify":"off"}' ftp_2.qcow2
qemu-img: ftp_2.qcow2: CURL: Error opening file: Access denied: 550
>From server side, we get the log:  ------> still failed
[I 2017-01-17 04:49:27] 127.0.0.1:42468-[] FTP session opened (connect)
[I 2017-01-17 04:49:27] 127.0.0.1:42468-[] FTP session closed (disconnect).

Comment 8 Max Reitz 2017-01-18 16:05:53 UTC
Hi pingl,

qemu does not support explicit FTPS mode but only the implicit mode (see https://en.wikipedia.org/wiki/FTPS#Methods_of_invoking_security). I think your server is configured to use the explicit mode (judging from the fact that you are using --ftp-ssl and "ftp://" with curl). You can test whether implicit mode works by using "ftps://" for the curl invocation and by dropping the --ftp-ssl option there.

Max

Comment 10 Ping Li 2017-01-19 06:18:16 UTC
Set the bug as verified according to the comment 9.

Comment 12 errata-xmlrpc 2017-08-01 23:34:44 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2392

Comment 13 errata-xmlrpc 2017-08-02 01:12:22 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2392

Comment 14 errata-xmlrpc 2017-08-02 02:04:21 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2392

Comment 15 errata-xmlrpc 2017-08-02 02:45:08 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2392

Comment 16 errata-xmlrpc 2017-08-02 03:09:50 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2392

Comment 17 errata-xmlrpc 2017-08-02 03:29:59 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2392


Note You need to log in before you can comment on or make changes to this bug.