Description of problem: Currently, the rhv-cafile option is mandatory if rhv-verifypeer option is enabled. However, if the certificate is present in the global trust store (/etc/pki/ca-trust), the ovirtsdk4 library uses it. IMHO, it shouldn't be mandatory, but the error generate when ovirtsdk4 connection fails should mention that the rhv-cafile allows specifying a non standard path for the CA bundle.
https://www.redhat.com/archives/libguestfs/2020-January/msg00114.html
Upstream in virt-v2v commit 65ee9387d4be0e3c5cd214b967fef7a1a8841233. I have set ITR to 8.2.0 since this appears like a simple enough fix for AV 8.2, but feel free to move this later if it's too difficult to do so soon.
(In reply to Fabien Dupont from comment #0) > Description of problem: > > Currently, the rhv-cafile option is mandatory if rhv-verifypeer option is > enabled. However, if the certificate is present in the global trust store > (/etc/pki/ca-trust), the ovirtsdk4 library uses it. How do you know if the certificate is present in the global store? If it is not, and you don't specify the file, accessing engine and imageio server will fail. > IMHO, it shouldn't be mandatory, but the error generate when ovirtsdk4 > connection fails should mention that the rhv-cafile allows specifying a non > standard path for the CA bundle. Can you explain why cafile should not be mandatory? Do we have a problem to get the cafile and make it available where virt-v2v run?
(In reply to Nir Soffer from comment #3) > (In reply to Fabien Dupont from comment #0) > > Description of problem: > > > > Currently, the rhv-cafile option is mandatory if rhv-verifypeer option is > > enabled. However, if the certificate is present in the global trust store > > (/etc/pki/ca-trust), the ovirtsdk4 library uses it. > > How do you know if the certificate is present in the global store? I don't know. Basically, the certificate can be installed by: # cp my_ca.pem /etc/pki/ca-trust/source/anchors/ # update-ca-trust extract # rm /etc/pki/ca-trust/source/anchors/ca.pem The certificate is then in different formats in /etc/pki/ca-trust-extracted. > If it is not, and you don't specify the file, accessing engine and imageio > server > will fail. So, we could check, or let it fail with a proper error message saying that the certificate could not be verified and pointing to rhv-cafile option. > > IMHO, it shouldn't be mandatory, but the error generate when ovirtsdk4 > > connection fails should mention that the rhv-cafile allows specifying a non > > standard path for the CA bundle. > > Can you explain why cafile should not be mandatory? Do we have a problem to > get the cafile and make it available where virt-v2v run? That's the point of having a global CA trust. It allows to not specify the CA certificate path while still enjoying proper verification. IMHO, providing the CA certificate on the command line is a workaround when you don't have privileges to update the global trust store.
You don't know, but either the user should add it to the global store or they should use rhv-cafile. It's not really possible for virt-v2v to check this, but it does say what to do in the manual, and this is handled automatically by IMS. By far the vast majority of direct command line users will turn off certificate checking anyway because X.509 is a giant PITA.
Verify the bug with builds: virt-v2v-1.40.2-21.module+el8.2.0+5851+8d6a931b.x86_64 libguestfs-1.40.2-21.module+el8.2.0+5851+8d6a931b.x86_64 libvirt-6.0.0-6.module+el8.2.0+5821+109ee33c.x86_64 qemu-kvm-4.2.0-12.module+el8.2.0+5858+afd073bc.x86_64 nbdkit-1.16.2-2.module+el8.2.0+5664+dd92f997.x86_64 python3-ovirt-engine-sdk4-4.2.9-4.el8ost.x86_64 Steps: 1. Check virt-v2v-output-rhv man page about option rhv-cafile and rhv-verifypeer -oo rhv-cafile=ca.pem The ca.pem file (Certificate Authority), copied from /etc/pki/ovirt-engine/ca.pem on the oVirt engine. If -oo rhv-verifypeer is enabled then this option can be used to control which CA is used to verify the client’s identity. If this option is not used then the system’s global trust store is used. -oo rhv-verifypeer Verify the oVirt/RHV server’s identity by checking the server‘s certificate against the Certificate Authority. 2. Convert a guest from VMware to rhv by virt-v2v, no rhv-cafile and no certificate present in global trust store but set rhv-verifypeer=true in command line # virt-v2v -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 -it vddk -io vddk-libdir=/home/vmware-vix-disklib-distrib -io vddk-thumbprint=1F:97:34:5F:B6:C2:BA:66:46:CB:1A:71:76:7D:6B:50:1E:03:00:EA -o rhv-upload -oc https://ibm-x3250m5-03.rhts.eng.pek2.redhat.com/ovirt-engine/api -op /home/rhvpasswd -b ovirtmgmt --password-file /home/passwd -of raw -oo rhv-cluster=Default -os nfs_data esx6.7-rhel8.1-x86_64 -oo rhv-verifypeer=true Traceback (most recent call last): File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 381, in authenticate self._sso_token = self._get_access_token() File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 617, in _get_access_token sso_response = self._get_sso_response(self._sso_url, post_data) File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 694, in _get_sso_response curl.perform() pycurl.error: (60, 'SSL certificate problem: self signed certificate in certificate chain') During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/var/tmp/v2v.fbm2KP/rhv-upload-precheck.py", line 67, in <module> case_sensitive=True, File "/usr/lib64/python3.6/site-packages/ovirtsdk4/services.py", line 5879, in list return self._internal_get(headers, query, wait) File "/usr/lib64/python3.6/site-packages/ovirtsdk4/service.py", line 202, in _internal_get context = self._connection.send(request) File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 370, in send return self.__send(request) File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 388, in __send self.authenticate() File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 384, in authenticate self.__parse_error(e) File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 932, in __parse_error six.reraise(clazz, clazz(error_msg), sys.exc_info()[2]) File "/usr/lib/python3.6/site-packages/six.py", line 692, in reraise raise value.with_traceback(tb) File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 381, in authenticate self._sso_token = self._get_access_token() File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 617, in _get_access_token sso_response = self._get_sso_response(self._sso_url, post_data) File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 694, in _get_sso_response curl.perform() ovirtsdk4.Error: Error while sending HTTP request: (60, 'SSL certificate problem: self signed certificate in certificate chain') virt-v2v: error: failed server prechecks, see earlier errors If reporting bugs, run virt-v2v with debugging enabled and include the complete output: virt-v2v -v -x [...] 3.Convert a guest from VMware to rhv by virt-v2v, make certificate present in global trust store and set rhv-verifypeer=true in command line. 3.1 Make certificate present in global trust store # cp /home/ca.pem /etc/pki/ca-trust/source/anchors/ # update-ca-trust extract 3.2 Convert a guest from VMware to rhv by virt-v2v, set rhv-verifypeer=true in command line # virt-v2v -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 -it vddk -io vddk-libdir=/home/vmware-vix-disklib-distrib -io vddk-thumbprint=1F:97:34:5F:B6:C2:BA:66:46:CB:1A:71:76:7D:6B:50:1E:03:00:EA -o rhv-upload -oc https://ibm-x3250m5-03.rhts.eng.pek2.redhat.com/ovirt-engine/api -op /home/rhvpasswd -b ovirtmgmt --password-file /home/passwd -of raw -oo rhv-cluster=Default -os nfs_data esx6.7-rhel8.1-x86_64 -oo rhv-verifypeer=true [ 0.6] Opening the source -i libvirt -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 esx6.7-rhel8.1-x86_64 -it vddk -io vddk-libdir=/home/vmware-vix-disklib-distrib -io vddk-thumbprint=1F:97:34:5F:B6:C2:BA:66:46:CB:1A:71:76:7D:6B:50:1E:03:00:EA [ 2.6] Creating an overlay to protect the source from being modified [ 5.8] Opening the overlay [ 13.2] Inspecting the overlay [ 26.0] Checking for sufficient free disk space in the guest [ 26.0] Estimating space required on target for each disk [ 26.0] Converting Red Hat Enterprise Linux 8.1 Beta (Ootpa) to run on KVM virt-v2v: warning: guest tools directory ‘linux/el8’ is missing from the virtio-win directory or ISO. Guest tools are only provided in the RHV Guest Tools ISO, so this can happen if you are using the version of virtio-win which contains just the virtio drivers. In this case only virtio drivers can be installed in the guest, and installation of Guest Tools will be skipped. virt-v2v: This guest has virtio drivers installed. [ 126.9] Mapping filesystem data to avoid copying unused and blank areas [ 127.6] Closing the overlay [ 127.9] Assigning disks to buses [ 127.9] Checking if the guest needs BIOS or UEFI to boot [ 127.9] Initializing the target -o rhv-upload -oc https://ibm-x3250m5-03.rhts.eng.pek2.redhat.com/ovirt-engine/api -op /home/rhvpasswd -os nfs_data [ 129.2] Copying disk 1/1 to qemu URI json:{ "file.driver": "nbd", "file.path": "/var/tmp/rhvupload.1Vw9es/nbdkit0.sock", "file.export": "/" } (raw) ^C (2.02/100%) 4. Delete certificate in global trust store, set correct rhv-cafile and rhv-verifypeer=true in command line to convert a guest from VMware to rhv by virt-v2v 4.1 Delete certificate present in the global store # rm /etc/pki/ca-trust/source/anchors/ca.pem # update-ca-trust extract 4.2 # virt-v2v -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 -it vddk -io vddk-libdir=/home/vmware-vix-disklib-distrib -io vddk-thumbprint=1F:97:34:5F:B6:C2:BA:66:46:CB:1A:71:76:7D:6B:50:1E:03:00:EA -o rhv-upload -oc https://ibm-x3250m5-03.rhts.eng.pek2.redhat.com/ovirt-engine/api -op /home/rhvpasswd -b ovirtmgmt --password-file /home/passwd -of raw -oo rhv-cluster=Default -os nfs_data esx6.7-rhel8.1-x86_64 -oo rhv-verifypeer=true -oo rhv-cafile=/home/ca.pem [ 0.6] Opening the source -i libvirt -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 esx6.7-rhel8.1-x86_64 -it vddk -io vddk-libdir=/home/vmware-vix-disklib-distrib -io vddk-thumbprint=1F:97:34:5F:B6:C2:BA:66:46:CB:1A:71:76:7D:6B:50:1E:03:00:EA [ 2.6] Creating an overlay to protect the source from being modified [ 5.8] Opening the overlay [ 13.1] Inspecting the overlay [ 26.0] Checking for sufficient free disk space in the guest [ 26.0] Estimating space required on target for each disk [ 26.0] Converting Red Hat Enterprise Linux 8.1 Beta (Ootpa) to run on KVM virt-v2v: warning: guest tools directory ‘linux/el8’ is missing from the virtio-win directory or ISO. Guest tools are only provided in the RHV Guest Tools ISO, so this can happen if you are using the version of virtio-win which contains just the virtio drivers. In this case only virtio drivers can be installed in the guest, and installation of Guest Tools will be skipped. virt-v2v: This guest has virtio drivers installed. [ 126.4] Mapping filesystem data to avoid copying unused and blank areas [ 127.2] Closing the overlay [ 127.5] Assigning disks to buses [ 127.5] Checking if the guest needs BIOS or UEFI to boot [ 127.5] Initializing the target -o rhv-upload -oc https://ibm-x3250m5-03.rhts.eng.pek2.redhat.com/ovirt-engine/api -op /home/rhvpasswd -os nfs_data [ 128.7] Copying disk 1/1 to qemu URI json:{ "file.driver": "nbd", "file.path": "/var/tmp/rhvupload.0h5KnF/nbdkit0.sock", "file.export": "/" } (raw) ^C (2.02/100%) 5. Don't set rhv-cafile and rhv-verifypeer in command line to convert a guest from VMware to rhv by virt-v2v, the v2v conversion can be finished without error and checkpoints of guest are passed # virt-v2v -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 -it vddk -io vddk-libdir=/home/vmware-vix-disklib-distrib -io vddk-thumbprint=1F:97:34:5F:B6:C2:BA:66:46:CB:1A:71:76:7D:6B:50:1E:03:00:EA -o rhv-upload -oc https://ibm-x3250m5-03.rhts.eng.pek2.redhat.com/ovirt-engine/api -op /home/rhvpasswd -b ovirtmgmt --password-file /home/passwd -of raw -oo rhv-cluster=Default -os nfs_data esx6.7-rhel8.1-x86_64 [ 0.6] Opening the source -i libvirt -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 esx6.7-rhel8.1-x86_64 -it vddk -io vddk-libdir=/home/vmware-vix-disklib-distrib -io vddk-thumbprint=1F:97:34:5F:B6:C2:BA:66:46:CB:1A:71:76:7D:6B:50:1E:03:00:EA [ 2.6] Creating an overlay to protect the source from being modified [ 5.8] Opening the overlay [ 13.2] Inspecting the overlay [ 26.1] Checking for sufficient free disk space in the guest [ 26.1] Estimating space required on target for each disk [ 26.1] Converting Red Hat Enterprise Linux 8.1 Beta (Ootpa) to run on KVM virt-v2v: warning: guest tools directory ‘linux/el8’ is missing from the virtio-win directory or ISO. Guest tools are only provided in the RHV Guest Tools ISO, so this can happen if you are using the version of virtio-win which contains just the virtio drivers. In this case only virtio drivers can be installed in the guest, and installation of Guest Tools will be skipped. virt-v2v: This guest has virtio drivers installed. [ 126.6] Mapping filesystem data to avoid copying unused and blank areas [ 127.4] Closing the overlay [ 127.7] Assigning disks to buses [ 127.7] Checking if the guest needs BIOS or UEFI to boot [ 127.7] Initializing the target -o rhv-upload -oc https://ibm-x3250m5-03.rhts.eng.pek2.redhat.com/ovirt-engine/api -op /home/rhvpasswd -os nfs_data [ 128.9] Copying disk 1/1 to qemu URI json:{ "file.driver": "nbd", "file.path": "/var/tmp/rhvupload.gnZ3wR/nbdkit0.sock", "file.export": "/" } (raw) (100.00/100%) [1297.2] Creating output metadata [1298.7] Finishing off 6. Set wrong rhv-cafile and rhv-verifypeer=yes in command line to convert a guest from VMware to rhv by virt-v2v # virt-v2v -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 -it vddk -io vddk-libdir=/home/vmware-vix-disklib-distrib -io vddk-thumbprint=1F:97:34:5F:B6:C2:BA:66:46:CB:1A:71:76:7D:6B:50:1E:03:00:EA -o rhv-upload -oc https://ibm-x3250m5-03.rhts.eng.pek2.redhat.com/ovirt-engine/api -op /home/rhvpasswd -b ovirtmgmt --password-file /home/passwd -of raw -oo rhv-cluster=Default -os nfs_data esx6.7-rhel8.1-x86_64 -oo rhv-verifypeer=true -oo rhv-cafile=/home/bad.pem Traceback (most recent call last): File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 381, in authenticate self._sso_token = self._get_access_token() File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 617, in _get_access_token sso_response = self._get_sso_response(self._sso_url, post_data) File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 694, in _get_sso_response curl.perform() pycurl.error: (77, 'error setting certificate verify locations:\n CAfile: /home/bad.pem\n CApath: none') During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/var/tmp/v2v.3zKm2y/rhv-upload-precheck.py", line 67, in <module> case_sensitive=True, File "/usr/lib64/python3.6/site-packages/ovirtsdk4/services.py", line 5879, in list return self._internal_get(headers, query, wait) File "/usr/lib64/python3.6/site-packages/ovirtsdk4/service.py", line 202, in _internal_get context = self._connection.send(request) File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 370, in send return self.__send(request) File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 388, in __send self.authenticate() File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 384, in authenticate self.__parse_error(e) File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 932, in __parse_error six.reraise(clazz, clazz(error_msg), sys.exc_info()[2]) File "/usr/lib/python3.6/site-packages/six.py", line 692, in reraise raise value.with_traceback(tb) File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 381, in authenticate self._sso_token = self._get_access_token() File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 617, in _get_access_token sso_response = self._get_sso_response(self._sso_url, post_data) File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 694, in _get_sso_response curl.perform() ovirtsdk4.Error: Error while sending HTTP request: (77, 'error setting certificate verify locations:\n CAfile: /home/bad.pem\n CApath: none') virt-v2v: error: failed server prechecks, see earlier errors If reporting bugs, run virt-v2v with debugging enabled and include the complete output: virt-v2v -v -x [...] 7. Set wrong certificate in global trust store and rhv-verifypeer=yes in command line to convert a guest from VMware to rhv by virt-v2v 7.1 Set wrong certificate in global trust store # cp /home/bad.pem /etc/pki/ca-trust/source/anchors/ # update-ca-trust extract 7.2# virt-v2v -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 -it vddk -io vddk-libdir=/home/vmware-vix-disklib-distrib -io vddk-thumbprint=1F:97:34:5F:B6:C2:BA:66:46:CB:1A:71:76:7D:6B:50:1E:03:00:EA -o rhv-upload -oc https://ibm-x3250m5-03.rhts.eng.pek2.redhat.com/ovirt-engine/api -op /home/rhvpasswd -b ovirtmgmt --password-file /home/passwd -of raw -oo rhv-cluster=Default -os nfs_data esx6.7-rhel8.1-x86_64 -oo rhv-verifypeer=true Traceback (most recent call last): File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 381, in authenticate self._sso_token = self._get_access_token() File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 617, in _get_access_token sso_response = self._get_sso_response(self._sso_url, post_data) File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 694, in _get_sso_response curl.perform() pycurl.error: (60, 'SSL certificate problem: self signed certificate in certificate chain') During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/var/tmp/v2v.AiYfri/rhv-upload-precheck.py", line 67, in <module> case_sensitive=True, File "/usr/lib64/python3.6/site-packages/ovirtsdk4/services.py", line 5879, in list return self._internal_get(headers, query, wait) File "/usr/lib64/python3.6/site-packages/ovirtsdk4/service.py", line 202, in _internal_get context = self._connection.send(request) File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 370, in send return self.__send(request) File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 388, in __send self.authenticate() File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 384, in authenticate self.__parse_error(e) File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 932, in __parse_error six.reraise(clazz, clazz(error_msg), sys.exc_info()[2]) File "/usr/lib/python3.6/site-packages/six.py", line 692, in reraise raise value.with_traceback(tb) File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 381, in authenticate self._sso_token = self._get_access_token() File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 617, in _get_access_token sso_response = self._get_sso_response(self._sso_url, post_data) File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 694, in _get_sso_response curl.perform() ovirtsdk4.Error: Error while sending HTTP request: (60, 'SSL certificate problem: self signed certificate in certificate chain') virt-v2v: error: failed server prechecks, see earlier errors If reporting bugs, run virt-v2v with debugging enabled and include the complete output: virt-v2v -v -x [...] 8.Set no-existing rhv-cafile and rhv-verifypeer=yes in command line to convert a guest from VMware to rhv by virt-v2v # virt-v2v -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 -it vddk -io vddk-libdir=/home/vmware-vix-disklib-distrib -io vddk-thumbprint=1F:97:34:5F:B6:C2:BA:66:46:CB:1A:71:76:7D:6B:50:1E:03:00:EA -o rhv-upload -oc https://ibm-x3250m5-03.rhts.eng.pek2.redhat.com/ovirt-engine/api -op /home/rhvpasswd -b ovirtmgmt --password-file /home/passwd -of raw -oo rhv-cluster=Default -os nfs_data esx6.7-rhel8.1-x86_64 -oo rhv-verifypeer=true -oo rhv-cafile=2334 Traceback (most recent call last): File "/var/tmp/v2v.T4mbtj/rhv-upload-precheck.py", line 59, in <module> insecure = params['insecure'], File "/usr/lib64/python3.6/site-packages/ovirtsdk4/__init__.py", line 307, in __init__ raise Error('The CA file \'%s\' doesn\'t exist' % ca_file) ovirtsdk4.Error: The CA file '2334' doesn't exist virt-v2v: error: failed server prechecks, see earlier errors If reporting bugs, run virt-v2v with debugging enabled and include the complete output: Hi Pino, Could you please help to check the error info of step2 and step7.2, is it possible to hidden some error info and just report brief ovirtsdk4 error about can't find correct certificate in global trust store? According to virt-v2v-output-rhv man page, v2v will try to find system’s global if rhv-cafile option is not used when rhv-verifypeer is true, so I think v2v should remind customer to set certificate in global trust store.
Thanks for the extensive testing! > Could you please help to check the error info of step2 and step7.2 - step 2 is correct: since the certificate is self-signed, it cannot be verified using the root CAs (certification authorities) - step 7.2 is correct: bad.pem will not match the actual certificate of the RHV host, so in the end it becomes like step 2 > is it possible to hidden some error info and just report brief ovirtsdk4 error about can't find correct certificate in global trust store? This is hard to do, because the "chain of interaction" is: nbdkit plugin -> oVirt Python API -> Python cURL -> cURL. Even if we accessed the Python cURL exception (which means relying on the internals of the oVirt Python API), the error codes that we get seem that are not enough to detect this situation. You can check in the tracebacks above the actual cURL error code -- for example: pycurl.error: (77, 'error setting certificate verify locations:\n CAfile: /home/bad.pem\n CApath: none') error code ^ | error message--/ The cURL error codes are described in the curl(1) man page, "EXIT CODES" section (available also online: https://curl.haxx.se/docs/manpage.html ). > According to virt-v2v-output-rhv man page, v2v will try to find system’s global if rhv-cafile option is not used when rhv-verifypeer is true, so I think v2v should remind customer to set certificate in global trust store. As the outputs show, it is not easy to detect when the certificate was in the system store or not. Considering that there is the documentation bit, and that the conversions to RHV are mostly driver by RHV itself or IMS, then I would say that people manually using virt-v2v for this should really know what they are doing.
Thanks Pino for the quick reply, according to comment8 and comment9, move the bug from ON_QA to VERIFIED
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2017