1373710 – qemu-img: unable to create images via ftp/ftps

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1373710 - qemu-img: unable to create images via ftp/ftps

Summary: qemu-img: unable to create images via ftp/ftps

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	qemu-kvm-rhev
Sub Component:
Version:	7.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Hanna Czenczek
QA Contact:	Ping Li
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1375408
TreeView+	depends on / blocked

Reported:	2016-09-07 03:12 UTC by Han Han
Modified:	2018-03-22 03:28 UTC (History)
CC List:	17 users (show)
Fixed In Version:	2.8.0
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-08-01 23:34:44 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2017:2392	0	normal	SHIPPED_LIVE	Important: qemu-kvm-rhev security, bug fix, and enhancement update	2017-08-01 20:04:36 UTC

Comment 1 Han Han 2016-09-07 03:15:09 UTC

The bug may block the verify of BZ1134878.

Comment 3 Ademar Reis 2016-09-07 13:44:06 UTC

This is a corner case that doesn't seem to affect layered products, so I'm deferring it to 7.4.

Would it be possible to verify Bug 1134878 without this particular use-case?

Comment 4 Hanna Czenczek 2016-10-24 19:36:25 UTC

It seems to me the bigger problem is that you can't open FTP images at all. I'll try to fix it upstream and then we'll see how difficult a backport is.

Max

Comment 6 Ping Li 2017-01-17 09:54:59 UTC

Hi Max,
Seems qemu-img still failed to create images via ftps protocol. Could you help to check my steps?

Verify this bug on:
Host: 
kernel-3.10.0-542.el7.x86_64
qemu-kvm-rhev-2.8.0-2.el7
Test steps:
1. Setup ftp/ftps server.
2. Use qemu-img to create and get info via ftp
2.1 create external snapshot via ftp
# curl ftp://127.0.0.1/base.qcow2 --user ftpuser:redhat -o file_ftpuser
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  192k  100  192k    0     0  39.6M      0 --:--:-- --:--:-- --:--:-- 46.8M
>From server side, we get the log:
[I 2017-01-17 04:41:45] 127.0.0.1:59618-[] FTP session opened (connect)
[I 2017-01-17 04:41:45] 127.0.0.1:59618-[ftpuser] USER 'ftpuser' logged in.
[I 2017-01-17 04:41:45] 127.0.0.1:59618-[ftpuser] RETR /home/ftp/root/base.qcow2 completed=1 bytes=196688 seconds=0.002
[I 2017-01-17 04:41:45] 127.0.0.1:59618-[ftpuser] FTP session closed (disconnect).
# qemu-img create --object secret,id=sec0,data=`printf %s "redhat" | base64`,format=base64 -f qcow2 -b 'json:{"file.driver":"ftp", "file.url":"ftp://127.0.0.1/base.qcow2", "file.username":"ftpuser", "file.password-secret":"sec0"}' ftp_1.qcow2
Formatting 'ftp_1.qcow2', fmt=qcow2 size=5368709120 backing_file=json:{"file.driver":"ftp",, "file.url":"ftp://127.0.0.1/base.qcow2",, "file.username":"ftpuser",, "file.password-secret":"sec0"} encryption=off cluster_size=65536 lazy_refcounts=off refcount_bits=16
>From server side, we get the log:
[I 2017-01-17 04:42:46] 127.0.0.1:59622-[] FTP session opened (connect)
[I 2017-01-17 04:42:46] 127.0.0.1:59622-[ftpuser] USER 'ftpuser' logged in.
[I 2017-01-17 04:42:46] 127.0.0.1:59622-[ftpuser] FTP session closed (disconnect).
[I 2017-01-17 04:42:46] 127.0.0.1:59624-[] FTP session opened (connect)
[I 2017-01-17 04:42:46] 127.0.0.1:59624-[ftpuser] USER 'ftpuser' logged in.
[I 2017-01-17 04:42:46] 127.0.0.1:59624-[ftpuser] RETR /home/ftp/root/base.qcow2 completed=1 bytes=196688 seconds=0.002
[I 2017-01-17 04:42:46] 127.0.0.1:59624-[ftpuser] FTP session closed (disconnect).
# qemu-img info ftp_1.qcow2 
image: ftp_1.qcow2
file format: qcow2
virtual size: 5.0G (5368709120 bytes)
disk size: 196K
cluster_size: 65536
backing file: json:{"file.driver":"ftp", "file.url":"ftp://127.0.0.1/base.qcow2", "file.username":"ftpuser", "file.password-secret":"sec0"}
Format specific information:
    compat: 1.1
    lazy refcounts: false
    refcount bits: 16
    corrupt: false
2.2 Use anonymous to get image info via ftp:
# curl ftp://127.0.0.1/base.qcow2 -o file_anonymous
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  192k  100  192k    0     0  41.9M      0 --:--:-- --:--:-- --:--:-- 46.8M
>From server side, we get the log:
[I 2017-01-17 04:46:45] 127.0.0.1:59628-[] FTP session opened (connect)
[I 2017-01-17 04:46:45] 127.0.0.1:59628-[anonymous] USER 'anonymous' logged in.
[I 2017-01-17 04:46:45] 127.0.0.1:59628-[anonymous] RETR /home/ftp/root/base.qcow2 completed=1 bytes=196688 seconds=0.002
[I 2017-01-17 04:46:45] 127.0.0.1:59628-[anonymous] FTP session closed (disconnect).
# qemu-img info ftp://127.0.0.1/base.qcow2
image: json:{"driver": "qcow2", "file": {"url": "ftp://127.0.0.1/base.qcow2", "driver": "ftp"}}
file format: qcow2
virtual size: 5.0G (5368709120 bytes)
disk size: unavailable
cluster_size: 65536
Format specific information:
    compat: 1.1
    lazy refcounts: false
    refcount bits: 16
    corrupt: false
>From server side, we get the log:
[I 2017-01-17 04:47:06] 127.0.0.1:59632-[] FTP session opened (connect)
[I 2017-01-17 04:47:06] 127.0.0.1:59632-[anonymous] USER 'anonymous' logged in.
[I 2017-01-17 04:47:06] 127.0.0.1:59632-[anonymous] FTP session closed (disconnect).
[I 2017-01-17 04:47:06] 127.0.0.1:59634-[] FTP session opened (connect)
[I 2017-01-17 04:47:06] 127.0.0.1:59634-[anonymous] USER 'anonymous' logged in.
[I 2017-01-17 04:47:06] 127.0.0.1:59634-[anonymous] RETR /home/ftp/root/base.qcow2 completed=1 bytes=196688 seconds=0.002
[I 2017-01-17 04:47:06] 127.0.0.1:59634-[anonymous] FTP session closed (disconnect).
3. Use qemu-img to create image via ftps: 
# curl -k --ftp-ssl ftp://127.0.0.1:2222/base.qcow2 --user ftpuser:redhat -o file_ftpuser_ftps
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  192k  100  192k    0     0   861k      0 --:--:-- --:--:-- --:--:--  865k
>From server side, we get the log:
[I 2017-01-17 04:48:49] 127.0.0.1:42464-[] FTP session opened (connect)
[I 2017-01-17 04:48:49] 127.0.0.1:42464-[ftpuser] USER 'ftpuser' logged in.
[I 2017-01-17 04:48:49] 127.0.0.1:42464-[ftpuser] RETR /home/ftp/root/base.qcow2 completed=1 bytes=196688 seconds=0.031
[I 2017-01-17 04:48:49] 127.0.0.1:42464-[ftpuser] FTP session closed (disconnect).
# qemu-img create --object secret,id=sec0,data=`printf %s "redhat" | base64`,format=base64 -f qcow2 -b 'json:{"file.driver":"ftps", "file.url":"ftp://127.0.0.1:2222/base.qcow2", "file.username":"ftpuser", "file.password-secret":"sec0", "file.sslverify":"off"}' ftp_2.qcow2
qemu-img: ftp_2.qcow2: CURL: Error opening file: Access denied: 550
>From server side, we get the log:  ------> still failed
[I 2017-01-17 04:49:27] 127.0.0.1:42468-[] FTP session opened (connect)
[I 2017-01-17 04:49:27] 127.0.0.1:42468-[] FTP session closed (disconnect).

Comment 8 Hanna Czenczek 2017-01-18 16:05:53 UTC

Hi pingl,

qemu does not support explicit FTPS mode but only the implicit mode (see https://en.wikipedia.org/wiki/FTPS#Methods_of_invoking_security). I think your server is configured to use the explicit mode (judging from the fact that you are using --ftp-ssl and "ftp://" with curl). You can test whether implicit mode works by using "ftps://" for the curl invocation and by dropping the --ftp-ssl option there.

Max

Comment 10 Ping Li 2017-01-19 06:18:16 UTC

Set the bug as verified according to the comment 9.

Comment 12 errata-xmlrpc 2017-08-01 23:34:44 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2392

Comment 13 errata-xmlrpc 2017-08-02 01:12:22 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2392

Comment 14 errata-xmlrpc 2017-08-02 02:04:21 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2392

Comment 15 errata-xmlrpc 2017-08-02 02:45:08 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2392

Comment 16 errata-xmlrpc 2017-08-02 03:09:50 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2392

Comment 17 errata-xmlrpc 2017-08-02 03:29:59 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2392

Note You need to log in before you can comment on or make changes to this bug.