Bug 1858765
| Summary: | V2V option --keys-from-stdin gives error: getline: Inappropriate ioctl for device | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux Advanced Virtualization | Reporter: | mxie <mxie> | ||||
| Component: | virt-v2v | Assignee: | Pino Toscano <ptoscano> | ||||
| Status: | CLOSED ERRATA | QA Contact: | liuzi <zili> | ||||
| Severity: | low | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | 8.3 | CC: | jsuchane, juzhou, mzhan, ptoscano, rjones, tyan, tzheng, xiaodwan, zili | ||||
| Target Milestone: | rc | Flags: | pm-rhel:
mirror+
|
||||
| Target Release: | 8.3 | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | virt-v2v-1.42.0-6.module+el8.3.0+7898+13f907d5 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2020-11-17 17:50:17 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
I'm not able to reproduce this for a local conversion.
For example I would expect this to fail with the "Inappropriate ioctl for device"
(it fails because it's not a real guest, but that is expected):
$ guestfish -N part luks-format /dev/sda1 0
Enter key or passphrase ("key"): 123456
$ echo '123456' | virt-v2v --keys-from-stdin -i disk test1.img -o null
[ 0.0] Opening the source -i disk test1.img
[ 0.1] Creating an overlay to protect the source from being modified
[ 0.2] Opening the overlay
[ 6.4] Inspecting the overlay
virt-v2v: error: inspection could not detect the source guest (or physical
machine).
Also I tried the same thing with a real Fedora LUKS local disk and
that didn't fail.
So I suspect this has something to do with the remote input, but I've
no idea what at the moment.
Oh hang on, this machine has 4 disks each requiring a passphrase.
It works if I type the passphrases in manually (the same one each time):
$ virt-v2v -ic 'vpx://root.73.141/data/10.73.75.219/?no_verify=1' -ip /tmp/passwd esx6.7-rhel7.8-swap_luks-non_os_3luks-redhat123 --keys-from-stdin -o null
[ 0.0] Opening the source -i libvirt -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 esx6.7-rhel7.8-swap_luks-non_os_3luks-redhat123
[ 23.7] Creating an overlay to protect the source from being modified
[ 29.9] Opening the overlay
Enter key or passphrase ("/dev/sda3"):
Enter key or passphrase ("/dev/sdb1"):
Enter key or passphrase ("/dev/sdc1"):
Enter key or passphrase ("/dev/sdd1"):
[ 227.5] Inspecting the overlay
...
It also works if I echo the passphrase 4 times:
$ echo -e 'redhat123\nredhat123\nredhat123\nredhat123\n' |
virt-v2v -ic 'vpx://root.73.141/data/10.73.75.219/?no_verify=1' -ip /tmp/passwd esx6.7-rhel7.8-swap_luks-non_os_3luks-redhat123 --keys-from-stdin -o null
[ 0.0] Opening the source -i libvirt -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 esx6.7-rhel7.8-swap_luks-non_os_3luks-redhat123
[ 23.4] Creating an overlay to protect the source from being modified
[ 29.8] Opening the overlay
[ 163.7] Inspecting the overlay
...
ISTR last year there was an "energetic" debate about whether we should try the
same passphrase against all disks, and that idea was rejected, so you have
to repeat the passphrase once for each disk as above.
Hi rjones, You're right, I didn't set disk password correctly during using option --keys-from-stdin, please help to close the bug as NOTABUG, thanks! # echo -e 'redhat123\nredhat123\nredhat123\nredhat123\n' | virt-v2v -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 -it vddk -io vddk-libdir=/home/vmware-vix-disklib-distrib -io vddk-thumbprint=1F:97:34:5F:B6:C2:BA:66:46:CB:1A:71:76:7D:6B:50:1E:03:00:EA -ip /home/passwd esx6.7-rhel7.8-swap_luks-non_os_3luks-redhat123 --keys-from-stdin [ 0.0] Opening the source -i libvirt -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 esx6.7-rhel7.8-swap_luks-non_os_3luks-redhat123 -it vddk -io vddk-libdir=/home/vmware-vix-disklib-distrib -io vddk-thumbprint=1F:97:34:5F:B6:C2:BA:66:46:CB:1A:71:76:7D:6B:50:1E:03:00:EA [ 5.2] Creating an overlay to protect the source from being modified [ 9.3] Opening the overlay [ 20.3] Inspecting the overlay virt-v2v: warning: mount: mount_stub: /dev/mapper/luks-f8f30718-1587-4ce1-8588-87374d273280: No such file or directory (ignored) virt-v2v: warning: mount: mount_stub: /dev/mapper/luks-22b0edbc-4300-42f0-b182-43d595fd45c7: No such file or directory (ignored) virt-v2v: warning: mount: mount_stub: /dev/mapper/luks-b4be9a0b-187b-45c2-ad52-3b6441aca6e2: No such file or directory (ignored) [ 57.2] Checking for sufficient free disk space in the guest [ 57.2] Estimating space required on target for each disk [ 57.2] Converting Red Hat Enterprise Linux Server 7.8 Beta (Maipo) to run on KVM .... # cat /home/disk-passwd | virt-v2v -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 -it vddk -io vddk-libdir=/home/vmware-vix-disklib-distrib -io vddk-thumbprint=1F:97:34:5F:B6:C2:BA:66:46:CB:1A:71:76:7D:6B:50:1E:03:00:EA -ip /home/passwd esx6.7-rhel7.8-swap_luks-non_os_3luks-redhat123 --keys-from-stdin [ 0.0] Opening the source -i libvirt -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 esx6.7-rhel7.8-swap_luks-non_os_3luks-redhat123 -it vddk -io vddk-libdir=/home/vmware-vix-disklib-distrib -io vddk-thumbprint=1F:97:34:5F:B6:C2:BA:66:46:CB:1A:71:76:7D:6B:50:1E:03:00:EA [ 5.2] Creating an overlay to protect the source from being modified [ 9.3] Opening the overlay [ 21.2] Inspecting the overlay .... I think the doc could be improved about this if it's not a general usage? I've pushed this small docs improvement: https://github.com/libguestfs/virt-v2v/commit/7ba65d14c0139dcf7fec45d33cee67c0f6737dd2 The new documentation for virt-v2v(1) reads: --keys-from-stdin Read key or passphrase parameters from stdin. The default is to try to read passphrases from the user by opening /dev/tty. If there are multiple encrypted devices then you may need to supply multiple keys on stdin, one per line. Note --keys-from-stdin only applies to keys and passphrases for encrypted devices and partitions, not for passwords used to connect to remote servers. As this is only a tiny documentation change it's probably not worth adding it to RHEL. We'll get the fix next time we rebase. So you can close this bug as NOTABUG if you want. (In reply to Richard W.M. Jones from comment #5) > I've pushed this small docs improvement: > > https://github.com/libguestfs/virt-v2v/commit/ > 7ba65d14c0139dcf7fec45d33cee67c0f6737dd2 Note that this situation is not specific to virt-v2v. The same issue applies also to any other libguestfs tool that can open encrypted devices. The majority of them can do that. Yup, the fix is generic :-) (Although to be fair I didn't update the common submodule in libguestfs yet) Verify the bug with builds:
virt-v2v-1.42.0-6.module+el8.3.0+7898+13f907d5.x86_64
Steps:
1.Update the virt-v2v to the latest build and check info in man page
--keys-from-stdin
Read key or passphrase parameters from stdin. The default is to
try to read passphrases from the user by opening /dev/tty.
If there are multiple encrypted devices then you may need to
supply multiple keys on stdin, one per line.
Note --keys-from-stdin only applies to keys and passphrases for
encrypted devices and partitions, not for passwords used to
connect to remote servers.
Results:
virt-v2v has updated man page about how to use --keys-from-stdin.
Hi,Rjones:
I think add "split by '\n'" after "one per line" is more clear for new user.
"one per line" means they are split by \n (new line) characters IMHO. I believe the text as it stands is fine. As comment 10 and comment 11,now change the bug from ON_QA to VERIFIED. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (virt:8.3 bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:5137 |
Created attachment 1701733 [details] option-keys-from-stdin.log Description of problem: V2V can't convert encrypted guest with option --keys-from-stdin Version-Release number of selected component (if applicable): virt-v2v-1.42.0-5.module+el8.3.0+7152+ab3787c3.x86_64 libguestfs-1.42.0-2.module+el8.3.0+6798+ad6e66be.x86_64 libvirt-6.5.0-1.module+el8.3.0+7323+d54bb644.x86_64 qemu-kvm-5.0.0-2.module+el8.3.0+7379+0505d6ca.x86_64 How reproducible: 100% Steps to Reproduce: 1.Try to use v2v to convert encrypted guest from VMware with option --keys-from-stdin 1.1 # cat disk-passwd | virt-v2v -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 -ip /home/passwd esx6.7-rhel7.8-swap_luks-non_os_3luks-redhat123 --keys-from-stdin [ 0.0] Opening the source -i libvirt -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 esx6.7-rhel7.8-swap_luks-non_os_3luks-redhat123 [ 9.7] Creating an overlay to protect the source from being modified [ 12.1] Opening the overlay getline: Inappropriate ioctl for device virt-v2v: could not read key from user 1.2 # echo -e 'redhat123' | virt-v2v -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 -it vddk -io vddk-libdir=/home/vmware-vix-disklib-distrib -io vddk-thumbprint=1F:97:34:5F:B6:C2:BA:66:46:CB:1A:71:76:7D:6B:50:1E:03:00:EA -ip /home/passwd esx6.7-rhel7.8-swap_luks-non_os_3luks-redhat123 --keys-from-stdin [ 0.0] Opening the source -i libvirt -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 esx6.7-rhel7.8-swap_luks-non_os_3luks-redhat123 -it vddk -io vddk-libdir=/home/vmware-vix-disklib-distrib -io vddk-thumbprint=1F:97:34:5F:B6:C2:BA:66:46:CB:1A:71:76:7D:6B:50:1E:03:00:EA [ 5.1] Creating an overlay to protect the source from being modified [ 8.7] Opening the overlay getline: Inappropriate ioctl for device virt-v2v: could not read key from user Actual results: As above description Expected results: V2V can convert encrypted guest with option --keys-from-stdin Additional infoļ¼ 1.V2V can convert encrypted guest without option --keys-from-stdin on rhel8.3 av # echo -e 'redhat123' | virt-v2v -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 -it vddk -io vddk-libdir=/home/vmware-vix-disklib-distrib -io vddk-thumbprint=1F:97:34:5F:B6:C2:BA:66:46:CB:1A:71:76:7D:6B:50:1E:03:00:EA -ip /home/passwd esx6.7-rhel7.8-swap_luks-non_os_3luks-redhat123 [ 0.0] Opening the source -i libvirt -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 esx6.7-rhel7.8-swap_luks-non_os_3luks-redhat123 -it vddk -io vddk-libdir=/home/vmware-vix-disklib-distrib -io vddk-thumbprint=1F:97:34:5F:B6:C2:BA:66:46:CB:1A:71:76:7D:6B:50:1E:03:00:EA [ 5.2] Creating an overlay to protect the source from being modified [ 8.9] Opening the overlay Enter key or passphrase ("/dev/sda3"): Enter key or passphrase ("/dev/sdb1"): Enter key or passphrase ("/dev/sdc1"): Enter key or passphrase ("/dev/sdd1"): [ 269.0] Inspecting the overlay virt-v2v: warning: mount: mount_stub: /dev/mapper/luks-f8f30718-1587-4ce1-8588-87374d273280: No such file or directory (ignored) virt-v2v: warning: mount: mount_stub: /dev/mapper/luks-22b0edbc-4300-42f0-b182-43d595fd45c7: No such file or directory (ignored) virt-v2v: warning: mount: mount_stub: /dev/mapper/luks-b4be9a0b-187b-45c2-ad52-3b6441aca6e2: No such file or directory (ignored) [ 308.8] Checking for sufficient free disk space in the guest [ 308.8] Estimating space required on target for each disk [ 308.8] Converting Red Hat Enterprise Linux Server 7.8 Beta (Maipo) to run on KVM virt-v2v: This guest has virtio drivers installed. [ 514.8] Mapping filesystem data to avoid copying unused and blank areas [ 516.9] Closing the overlay [ 517.4] Assigning disks to buses [ 517.4] Checking if the guest needs BIOS or UEFI to boot [ 517.4] Initializing the target -o libvirt -os default [ 517.4] Copying disk 1/4 to /var/lib/libvirt/images/esx6.7-rhel7.8-swap_luks-non_os_3luks-redhat123-sda (raw) ^C (3.02/100%) 2. Can reproduce the problem when v2v convert guest without vddk on rhel8.3 av, so the problem has no relationship with nbdkit # echo -e 'redhat123' | virt-v2v -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 -ip /home/passwd esx6.7-rhel7.8-swap_luks-non_os_3luks-redhat123 --keys-from-stdin [ 0.0] Opening the source -i libvirt -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 esx6.7-rhel7.8-swap_luks-non_os_3luks-redhat123 [ 9.5] Creating an overlay to protect the source from being modified [ 11.9] Opening the overlay getline: Inappropriate ioctl for device virt-v2v: could not read key from user 3. Can reproduce the problem on rhel8.2.1 # rpm -q virt-v2v libguestfs libvirt qemu-kvm virt-v2v-1.40.2-24.module+el8.2.1+7154+47ffd890.x86_64 libguestfs-1.40.2-24.module+el8.2.1+7154+47ffd890.x86_64 package libvirt is not installed qemu-kvm-4.2.0-29.module+el8.2.1+7297+a825794d.x86_64 # echo -e 'redhat123' | virt-v2v -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 -ip /home/passwd esx6.7-rhel7.8-swap_luks-non_os_3luks-redhat123 --keys-from-stdin [ 0.0] Opening the source -i libvirt -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 esx6.7-rhel7.8-swap_luks-non_os_3luks-redhat123 [ 4.8] Creating an overlay to protect the source from being modified [ 7.0] Opening the overlay getline: Inappropriate ioctl for device virt-v2v: could not read key from user