RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1960087 - v2v import from vCenter fails when using interactive password because cookie-script tries to be interactive
Summary: v2v import from vCenter fails when using interactive password because cookie-...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: virt-v2v
Version: 9.0
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: rc
: 9.0 Beta
Assignee: Richard W.M. Jones
QA Contact: mxie@redhat.com
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-05-13 02:26 UTC by xinyli
Modified: 2022-05-17 13:44 UTC (History)
10 users (show)

Fixed In Version: virt-v2v-1.45.98-1.el9
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-05-17 13:41:55 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
v2v execution log (8.73 KB, text/plain)
2021-05-13 09:26 UTC, xinyli 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2022:2566 0 None None None 2022-05-17 13:42:32 UTC

Description xinyli 2021-05-13 02:26:15 UTC 
Description of problem:

v2v will fail at creating an overlay if input password for vmware source manually during conversion 
Version-Release number of selected component (if applicable):

virt-v2v-1.44.0-1.el9.1.x86_64
libguestfs-1.45.5-1.el9.x86_64
libvirt-7.0.0-6.el9.x86_64
qemu-kvm-6.0.0-1.el9.x86_64
nbdkit-1.25.4-2.el9.x86_64

How reproducible:

100%
Steps to Reproduce:

1.Convert a guest from VMware without vddk and don't set any option about password in v2v command line. Input the correct password for password prompt
# virt-v2v -ic vpx://root.198.169/data/10.73.199.217/?no_verify=1  esx7.0-win2019-x86_64


Actual results:

[   0.0] Opening the source -i libvirt -ic vpx://root.198.169/data/10.73.199.217/?no_verify=1 esx7.0-win2019-x86_64
Enter root's password for 10.73.198.169: 
Enter host password for user 'root':
[  12.2] Creating an overlay to protect the source from being modified

nbdkit: curl[1]: error: problem doing HEAD request to fetch size of URL [https://10.73.198.169/folder/esx7.0-win2019-x86%5f64/esx7.0-win2019-x86%5f64-flat.vmdk?dcPath=data&dsName=esx7.0-matrix]: HTTP response code said error: The requested URL returned error: 401
qemu-img: /var/tmp/v2vovl0113e3.qcow2: Requested export not available
Could not open backing image.
virt-v2v: error: qemu-img command failed, see earlier errors

If reporting bugs, run virt-v2v with debugging enabled and include the 
complete output:

  virt-v2v -v -x [...]

Expected results:

v2v conversion can be finished successfully
Additional info:

1. Use the virsh command to successfully connect to esxi.
# virsh -c  vpx://root.73.141/data/10.73.75.219/?no_verify=1
Enter root's password for 10.73.73.141: 
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
       'quit' to quit

virsh #

2. Unable to reproduce on RHEL8. RHEL8 can be converted normally
3. Write the password to the file to convert successfully
Comment 1 Richard W.M. Jones 2021-05-13 07:27:56 UTC 
This is probably caused by the new "cookie header" functionality.

Xinyu - please could you attach the virt-v2v debugging log.  Run the same
virt-v2v command with the extra -v -x parameters and attach the full
log output to the bug.
Comment 2 xinyli 2021-05-13 09:26:44 UTC 
Created attachment 1782669 [details]
v2v execution log
Comment 5 Richard W.M. Jones 2022-02-01 10:04:34 UTC 
I did the easy fix:
https://github.com/libguestfs/virt-v2v/commit/8abc07a8589a48c79cc65159640e0d8ab3c9b261

It forces the user to use -ip when importing from VMware over HTTPS.
Comment 9 mxie@redhat.com 2022-02-10 03:57:54 UTC 
Test the bug with below builds:
virt-v2v-1.45.97-4.el9.x86_64
libguestfs-1.46.1-2.el9.x86_64
guestfs-tools-1.46.1-6.el9.x86_64


Steps:
1.Check the man page of virt-v2v-input-vmware about -ip password for vCenter
# man virt-v2v-input-vmware 
vCenter: URI
       The libvirt URI of a vCenter server looks something like this:

        vpx://user@server/Datacenter/esxi
           ....
           The user's password must be supplied in a local file using the separate -ip parameter.
......
vCenter: Supplying the password
       The vCenter password (usually for the root account, or the account specified by "user@" in the vpx URL)
       has to be written to a local file, and the name of that file specified on the virt-v2v command line
       using -ip passwordfile.
vCenter: Importing a guest
       To import a particular guest from vCenter Server, do:

        $ virt-v2v -ic 'vpx://root.com/Datacenter/esxi?no_verify=1' \
          -ip passwordfile \
          "Windows 2003" \
          -o local -os /var/tmp
       ....
       Note that you may be asked for the vCenter password twice.  This happens once because libvirt needs it,
       and a second time because virt-v2v itself connects directly to the server.  Use -ip filename to supply
       a password via a file.


2.Convert a guest from VMwarev(Center) without vddk and don't set any option about vmware password in v2v command line. 

#  virt-v2v -ic vpx://root.198.169/data/10.73.199.217/?no_verify=1 esx7.0-rhel8.5-x86_64 -o local -os /home
[   0.0] Setting up the source: -i libvirt -ic vpx://root.198.169/data/10.73.199.217/?no_verify=1 esx7.0-rhel8.5-x86_64
virt-v2v: error: -i libvirt: expecting -ip passwordfile parameter for 
vCenter connection

If reporting bugs, run virt-v2v with debugging enabled and include the 
complete output:

  virt-v2v -v -x [...]


3.Convert a guest from VMware(vCenter) with vddk and don't set any option about vmware password in v2v command line. Then input the correct password for password prompt

# virt-v2v -ic vpx://root.198.169/data/10.73.199.217/?no_verify=1 -it vddk -io vddk-libdir=/home/vddk7.0.2 -io  vddk-thumbprint=B5:52:1F:B4:21:09:45:24:51:32:56:F6:63:6A:93:5D:54:08:2D:78  -o rhv-upload -of qcow2 -oc https://dell-per740-22.lab.eng.pek2.redhat.com/ovirt-engine/api  -op /home/rhvpasswd  -os nfs_data -b ovirtmgmt  esx7.0-rhel8.5-x86_64 
[   0.0] Setting up the source: -i libvirt -ic vpx://root.198.169/data/10.73.199.217/?no_verify=1 -it vddk esx7.0-rhel8.5-x86_64
Enter root's password for 10.73.198.169: 
password: 
[  14.8] Opening the source
[  20.2] Inspecting the source
[  35.5] Checking for sufficient free disk space in the guest
[  35.5] Converting Red Hat Enterprise Linux 8.5 (Ootpa) to run on KVM
virt-v2v: This guest has virtio drivers installed.
[ 170.0] Mapping filesystem data to avoid copying unused and blank areas
[ 170.9] Closing the overlay
[ 171.2] Assigning disks to buses
[ 171.2] Checking if the guest needs BIOS or UEFI to boot
[ 171.2] Setting up the destination: -o rhv-upload -oc https://dell-per740-22.lab.eng.pek2.redhat.com/ovirt-engine/api -os nfs_data
[ 191.9] Copying disk 1/1
█ 100% [****************************************]
[ 948.3] Creating output metadata
[1011.5] Finishing off


4. Convert a guest from VMware(ESXi host) with vddk and don't set any option about vmware password in v2v command line. Then input the correct password for password prompt
# virt-v2v  -ic esx://root.75.219/?no_verify=1 -it vddk -io vddk-libdir=/home/vddk6.7 -io vddk-thumbprint=FE:D7:15:39:47:F8:E8:5A:48:C8:CF:95:20:D4:16:F3:99:AF:58:55 esx6.7-rhel8.5-x86_64
[   0.0] Setting up the source: -i libvirt -ic esx://root.75.219/?no_verify=1 -it vddk esx6.7-rhel8.5-x86_64
Enter root's password for 10.73.75.219: 
password: 
[   7.0] Opening the source
[  12.1] Inspecting the source
[  25.8] Checking for sufficient free disk space in the guest
[  25.8] Converting Red Hat Enterprise Linux 8.5 (Ootpa) to run on KVM
virt-v2v: This guest has virtio drivers installed.
[ 154.3] Mapping filesystem data to avoid copying unused and blank areas
[ 155.3] Closing the overlay
[ 155.6] Assigning disks to buses
[ 155.6] Checking if the guest needs BIOS or UEFI to boot
[ 155.6] Setting up the destination: -o libvirt
[ 157.6] Copying disk 1/1
█ 100% [****************************************]
[ 333.1] Creating output metadata
[ 333.2] Finishing off



Hi Richard,

  (1)Please check the result of step1, I think the sentences 'Note that you may be asked for the vCenter password twice.  This happens once because libvirt needs it,and a second time because virt-v2v itself connects directly to the server.  Use -ip filename to supply a password via a file.' should be deleted from 'vCenter: Importing a guest'  part

  (2)Please check the result of step3, '-ip passwordfile' is not required option when convert guest from VMware  vCenter with vddk, is it expected?
Comment 10 Richard W.M. Jones 2022-02-10 08:53:56 UTC 
(In reply to mxie from comment #9)
>   (1)Please check the result of step1, I think the sentences 'Note that you
> may be asked for the vCenter password twice.  This happens once because
> libvirt needs it,and a second time because virt-v2v itself connects directly
> to the server.  Use -ip filename to supply a password via a file.' should be
> deleted from 'vCenter: Importing a guest'  part

I'll tidy up the text a bit in a follow-up commit.

>   (2)Please check the result of step3, '-ip passwordfile' is not required
> option when convert guest from VMware  vCenter with vddk, is it expected?

This bug is only about VMware imports over HTTPS and only affects those, not
VDDK.  For VDDK, -ip is not required because nbdkit is able to ask for it.
(nbdkit cannot ask for the curl password up front because of complicated
reasons to do with having to reauthenticate periodically from a script).
So this isn't a bug.
Comment 11 Richard W.M. Jones 2022-02-10 08:58:22 UTC 
Updated in:
https://github.com/libguestfs/virt-v2v/commit/66b0a40406effd1c63c0ab47a271aa5240a77638
Comment 14 mxie@redhat.com 2022-02-11 08:00:35 UTC 
Verify the bug with below builds
virt-v2v-1.45.98-1.el9.x86_64
libguestfs-1.46.1-2.el9.x86_64
guestfs-tools-1.46.1-6.el9.x86_64
libvirt-libs-8.0.0-4.el9.x86_64
qemu-img-6.2.0-7.el9.x86_64
virtio-win-1.9.19-5.el9_b.noarch

Steps:
1.Check the man page of virt-v2v-input-vmware, the wrong sentences which are mentioned in comment9 have been deleted
# man virt-v2v-input-vmware 
vCenter: URI
.....
        vpx://user@server/Datacenter/esxi
           ....
           The user's password must be supplied in a local file using the separate -ip parameter.
......
vCenter: Supplying the password
       The vCenter password (usually for the root account, or the account specified by "user@" in the vpx URL)
       has to be written to a local file, and the name of that file specified on the virt-v2v command line
       using -ip passwordfile.
.....

2.Convert a guest from VMwarev(Center) without vddk and don't set any option about vmware password in v2v command line. v2v can report correct error info
# virt-v2v  -ic vpx://vsphere.local%5cAdministrator.73.141/data/10.73.75.219/?no_verify=1  Auto-esx6.7-win2019-x86_64-efi
[   0.0] Setting up the source: -i libvirt -ic vpx://vsphere.local%5cAdministrator.73.141/data/10.73.75.219/?no_verify=1 Auto-esx6.7-win2019-x86_64-efi
virt-v2v: error: -i libvirt: expecting -ip passwordfile parameter for 
vCenter connection

If reporting bugs, run virt-v2v with debugging enabled and include the 
complete output:

  virt-v2v -v -x [...]


Result:
   No problem found, move the bug from ON_QA to VERIFIED
Comment 16 errata-xmlrpc 2022-05-17 13:41:55 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: virt-v2v), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2022:2566
Note You need to log in before you can comment on or make changes to this bug.