Bug 1650264 - v2v - virt-v2v-wrapper support for SSL without validation for OSP
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: libguestfs
Version: 4.2.7
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ovirt-4.3.0
Assignee: Tomáš Golembiovský
QA Contact: Yadnyawalk Tale
URL:
Whiteboard:
Depends On:
Blocks: 1651543
Reported: 2018-11-15 17:26 UTC by Brett Thurber
Modified: 2019-04-15 18:07 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Previously, SSL certificates were inspected with the openstack method when HTTPS was selected as the connection protocol. This is a problem in environments with broken SSL configuration. In this release, a new keyword was added to the JSON API that allows disabling SSL verification.
Clone Of:
Environment:
Last Closed: 2019-04-15 18:07:02 UTC
oVirt Team: Virt
Target Upstream Version:
Embargoed:


Attachments
fixed_proof_wrapper.log (13.83 KB, text/plain)
2019-01-21 10:51 UTC, Yadnyawalk Tale

Description Brett Thurber 2018-11-15 17:26:21 UTC
Description of problem:
When attempting to migrate VMs from VMware to OSP, receive the following error when SSL without validation is used for the OSP connectivity:

SSL exception connecting to https://10.8.197.84:13000/v3/auth/tokens: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",)
 (virt-v2v-wrapper:166)

Version-Release number of selected component (if applicable):
http://download.eng.bos.redhat.com/brewroot/packages/ovirt-ansible-v2v-conversion-host/1.7.0/2.el7ev/noarch/ovirt-ansible-v2v-conversion-host-1.7.0-2.el7ev.noarch.rpm

How reproducible:
Every time

Steps to Reproduce:
1. Configure conversion host with aforementioned playbook
2. Initiate VM migration from VMware to OSP
3. Observe failure in virt-v2v-wrapper log

Actual results:
Failed VM migration due to SSL validation error.

Expected results:
Accept SSL without validation certificates

Additional info:
Need to include --insecure support in virt-v2v-wrapper.py

Comment 1 Omri Hochman 2018-11-15 17:38:30 UTC
Added the relevant QE flags for TestBlocker keyword & Blocker flag to "?"   

SSL enabled deployments are the go-to deployments for OSP customers - also included in the CFME test-plan testing v2v.

Comment 3 Brett Thurber 2018-11-16 04:17:17 UTC
This happens whether SSL or SSL without validation is chosen for the provider in CF.  Works only for non-SSL.

Comment 5 Tomáš Golembiovský 2018-11-26 14:13:27 UTC
ovirt-ansible-v2v-conversion-host-1.7.0-4.el7ev

Comment 8 Yadnyawalk Tale 2019-01-21 10:51:04 UTC
Created attachment 1522104
fixed_proof_wrapper.log

Fixed! Tested with 'SSL without validation' and migration works without any error in virt-v2v-wrapper.log

Conversion host - ovirt-ansible-v2v-conversion-host-1.8.0
CFME - 5.10.0.31
virt-v2v-1.38.2-12.26.lp.el7ev.x86_64

