1884979 – [v2v][Doc][VMware to CNV VM import API] Please add details on "thumbprint" in the VMware "Secret"

Bug 1884979 - [v2v][Doc][VMware to CNV VM import API] Please add details on "thumbprint" in the VMware "Secret"

Summary: [v2v][Doc][VMware to CNV VM import API] Please add details on "thumbprint" in...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Container Native Virtualization (CNV)
Classification:	Red Hat
Component:	V2V
Sub Component:
Version:	2.5.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	high
Target Milestone:	---
Target Release:	2.5.2
Assignee:	Sam Lucidi
QA Contact:	Ilanit Stein
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-10-04 09:23 UTC by Ilanit Stein
Modified:	2020-12-16 00:17 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-12-16 00:16:58 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHEA-2020:5560	0	None	None	None	2020-12-16 00:17:06 UTC

Description Ilanit Stein 2020-10-04 09:23:24 UTC

Document:
https://github.com/kubevirt/vm-import-operator/blob/master/docs/design.md#vmware-secret-example

Description of problem:
1. Please add details on how to fetch the VMware "thumbprint".
2. Emphasize that ":" should separate the numbers and not spaces.

This value should be provided as part of VMware Secret:

cat <<EOF | oc create -f -
---
apiVersion: v1
kind: Secret
metadata:
 name: vmw-secret
type: Opaque
stringData:
 vmware: |-
   # API URL of the vCenter or ESXi host
   apiUrl: "https://<Vcenter IP address>/sdk"
   # Username provided in the format of username@domain.
   username: <username>
   password: <password>
   # The certificate thumbprint of the vCenter or ESXi host, in colon-separated hexidecimal octets.
   thumbprint: 31:14:..   <===== thumbprint
EOF

Version-Release number of selected component (if applicable):
CNV-2.5

Additional info:
thumbprint it's the SHA-1 fingerprint of the vCenter's SSL certificate.
You could get it from your web browser by clicking the lock in the URL bar and clicking through to the certificate details
It needs to be formatted as 31:14:EB:9E etc
it will not work with the spaces
it would complain of being unable to initialize the provider if the fingerprint was bad

Comment 1 Fabien Dupont 2020-10-07 07:27:54 UTC

Finding the UUID is pretty much out of scope. A VMware administrator should be able to help.

However, I agree that it would be better to explain how to retrieve it, maybe as a note under the example.
And I prefer solutions based on command line. Creating a CR is for advanced users, so they should be fine with command line.
Here is the openssl command to get it, already in colon-separated hexadecimal octets format:

$ openssl s_client -connect esx13.v2v.bos.redhat.com:443 < /dev/null 2>/dev/null | openssl x509 -fingerprint -sha1 -noout -in /dev/stdin | cut -d '=' -f 2

Comment 2 Fabien Dupont 2020-10-07 07:36:18 UTC

I meant, "finding the thumbprint".

Comment 3 Fabien Dupont 2020-10-13 14:50:25 UTC

Moving to 2.5.1 as it is an upstream doc RFE.

Comment 4 Sam Lucidi 2020-11-03 21:48:06 UTC

https://github.com/kubevirt/vm-import-operator/pull/435

Comment 5 Ilanit Stein 2020-12-01 09:29:06 UTC

Verified on latest master doc: https://github.com/kubevirt/vm-import-operator/blob/master/docs/design.md

Comment 11 errata-xmlrpc 2020-12-16 00:16:58 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Virtualization 2.5.2 Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:5560

Note You need to log in before you can comment on or make changes to this bug.