Bug 1375157 - virt-v2v: -i ova: Permission denied when using libvirt and running as root
Summary: virt-v2v: -i ova: Permission denied when using libvirt and running as root
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libguestfs
Version: 7.3
Hardware: x86_64
OS: Unspecified
low
low
Target Milestone: rc
: ---
Assignee: Richard W.M. Jones
QA Contact: Virtualization Bugs
URL:
Whiteboard: V2V
Depends On: 890291 1045069 1359086 1430680
Blocks: 1401400
TreeView+ depends on / blocked
 
Reported: 2016-09-12 10:25 UTC by mxie@redhat.com
Modified: 2017-08-01 22:11 UTC (History)
9 users (show)

Fixed In Version: libguestfs-1.36.1-1.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 22:11:26 UTC
Target Upstream Version:

Attachments (Terms of Use)
permission-v2v.log (11.94 KB, text/plain)
2016-09-12 10:26 UTC, mxie@redhat.com 		no flags Details
test-ova.ova (3.89 MB, application/x-tar)
2016-09-12 10:41 UTC, Richard W.M. Jones 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2023 0 normal SHIPPED_LIVE libguestfs bug fix and enhancement update 2017-08-01 19:32:01 UTC

Description mxie@redhat.com 2016-09-12 10:25:59 UTC 
Description of problem:
There is error info about permission when convert a guest from ova file by v2v

Version-Release number of selected component (if applicable):
virt-v2v-1.32.7-3.el7.x86_64
libguestfs-1.32.7-3.el7.x86_64
qemu-kvm-rhev-2.6.0-24.el7.x86_64
libvirt-2.0.0-8.el7.x86_64


How reproducible:
100% 

Steps to Reproduce:
1.Convert a guest from ova file by v2v, but there is error info about permission except error of environment variable, details log pls refer to attachment
# virt-v2v -i ova rhel6.8-vmware-ova.tar -o local -os /var/tmp -of raw
[   0.0] Opening the source -i ova rhel6.8-vmware-ova.tar
[   1.0] Creating an overlay to protect the source from being modified
[   2.7] Initializing the target -o local -os /var/tmp
[   2.7] Opening the overlay
virt-v2v: error: libguestfs error: could not create appliance through 
libvirt.

Try running qemu directly without libvirt using this environment variable:
export LIBGUESTFS_BACKEND=direct

Original error from libvirt: Cannot access backing file 
'/var/tmp/ova.puFtEh/rhel6.8-vmware/juzhou-rhel6u8-disk1.vmdk' of storage 
file '/var/tmp/v2vovl4c0d41.qcow2' (as uid:107, gid:107): Permission denied 
[code=38 int1=13]

If reporting bugs, run virt-v2v with debugging enabled and include the 
complete output:

  virt-v2v -v -x [...]



Actual results:
As above description

Expected results:
There is no error info about permission when convert a guest from ova file by v2v, should shows error info of environment variable as below:
virt-v2v: error: because of libvirt bug 
https://bugzilla.redhat.com/show_bug.cgi?id=1134592 you must set this 
environment variable:

export LIBGUESTFS_BACKEND=direct

and then rerun the virt-v2v command.

If reporting bugs, run virt-v2v with debugging enabled and include the 
complete output:

  virt-v2v -v -x [...]


Additional info:
Comment 1 mxie@redhat.com 2016-09-12 10:26:59 UTC 
Created attachment 1200146 [details]
permission-v2v.log
Comment 2 Richard W.M. Jones 2016-09-12 10:37:08 UTC 
This is a variation of the "libvirt has no session qemu for root" bug
(in libvirt).

virt-v2v unpacks the OVA into a temporary directory, creating files
and directories as root with permissions like 0600.

Libvirt runs qemu as non-root user qemu.qemu.

Either /var/tmp/ova.puFtEh or /var/tmp/ova.puFtEh/rhel6.8-vmware
is not readable by qemu.qemu, and we see this failure.
Comment 3 Pino Toscano 2016-09-12 10:41:23 UTC 
(In reply to Richard W.M. Jones from comment #2)
> This is a variation of the "libvirt has no session qemu for root" bug
> (in libvirt).

... which should be bug 890291 (leaving it here for reference).
Comment 4 Richard W.M. Jones 2016-09-12 10:41:38 UTC 
Created attachment 1200173 [details]
test-ova.ova

Reproduce the bug using the attached dummy OVA file, and
the following command which must be run *as root*:

# virt-v2v -i ova test-ova.ova -o null -of qcow2
[   0.0] Opening the source -i ova test-ova.ova
[   0.0] Creating an overlay to protect the source from being modified
[   0.1] Initializing the target -o null
[   0.1] Opening the overlay
virt-v2v: error: libguestfs error: could not create appliance through 
libvirt.

Try running qemu directly without libvirt using this environment variable:
export LIBGUESTFS_BACKEND=direct

Original error from libvirt: Cannot access backing file 
'/var/tmp/ova.tlxP2U/test-ova.vmdk' of storage file 
'/var/tmp/v2vovld54bdb.qcow2' (as uid:107, gid:107): Permission denied 
[code=38 int1=13]
Comment 5 Richard W.M. Jones 2016-09-12 10:54:21 UTC 
I posted a patch:

https://www.redhat.com/archives/libguestfs/2016-September/msg00063.html

# virt-v2v -i ova test-ova.ova -o null -of qcow2
[   0.0] Opening the source -i ova test-ova.ova
virt-v2v: warning: making OVA directory public readable to workaround 
libvirt bug https://bugzilla.redhat.com/890291
[   0.0] Creating an overlay to protect the source from being modified
[   0.1] Initializing the target -o null
[   0.1] Opening the overlay
[  15.2] Inspecting the overlay
etc
Comment 6 Richard W.M. Jones 2016-10-11 09:50:52 UTC 
I pushed this patch upstream over some objections because we now
have customers reporting it to me and a customer solution on
RHN (https://access.redhat.com/solutions/2110391).  Some fix is
needed even if it's not ideal.

Upstream commit is:
https://github.com/libguestfs/libguestfs/commit/d9b2a16c71d0c87195e28c1325fd83b344741339
Comment 13 kuwei@redhat.com 2017-03-17 06:18:46 UTC 
From bug 1430680,verify the bug with below builds again:

virt-v2v-1.36.2-2.el7.x86_64
libguestfs-1.36.2-2.el7.x86_64
libvirt-3.1.0-2.el7.x86_64
qemu-kvm-rhev-2.8.0-6.el7.x86_64

Verify steps:
1.Convert a guest from ova file by v2v
# virt-v2v -i ova rhel6.7-efi.ova -o null -of qcow2
[   0.0] Opening the source -i ova rhel6.7-efi.ova
virt-v2v: warning: making OVA directory public readable to work around 
libvirt bug https://bugzilla.redhat.com/1045069
[  28.1] Creating an overlay to protect the source from being modified
[  28.4] Initializing the target -o null
[  28.4] Opening the overlay
[  30.2] Inspecting the overlay
[  44.3] Checking for sufficient free disk space in the guest
[  44.3] Estimating space required on target for each disk
[  44.3] Converting Red Hat Enterprise Linux Server release 6.7 Beta (Santiago) to run on KVM
virt-v2v: This guest has virtio drivers installed.
[ 120.5] Mapping filesystem data to avoid copying unused and blank areas
virt-v2v: warning: fstrim on guest filesystem /dev/sda1 failed.  Usually 
you can ignore this message.  To find out more read "Trimming" in 
virt-v2v(1).

Original message: fstrim: fstrim: /sysroot/: the discard operation is not 
supported
[ 120.7] Closing the overlay
[ 121.0] Checking if the guest needs BIOS or UEFI to boot
virt-v2v: This guest requires UEFI on the target to boot.
[ 121.0] Assigning disks to buses
[ 121.0] Copying disk 1/1 to /var/tmp/null.hSQkWU/sda (qcow2)
    (100.00/100%)
[ 147.7] Creating output metadata
[ 147.7] Finishing off


Result : There is error info about permission when convert a guest from ova file by v2v

2:Reboot test server to verify it again.
# virt-v2v -i ova rhel6.7-efi.ova -o null -of raw

Result: There is error info when convert a guest from ova file by v2v

So,I think we could move this to VERIFIED
Comment 14 errata-xmlrpc 2017-08-01 22:11:26 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2023
Note You need to log in before you can comment on or make changes to this bug.