RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1967716 - RFE: rebuild guest agent to include public ssh injection api support
Summary: RFE: rebuild guest agent to include public ssh injection api support
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: qemu-kvm
Version: 8.5
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: beta
: ---
Assignee: Marc-Andre Lureau
QA Contact: dehanmeng
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-06-03 17:05 UTC by David Vossel
Modified: 2021-11-09 21:50 UTC (History)
7 users (show)

Fixed In Version: qemu-kvm-4.2.0-56.module+el8.5.0+12039+0434c559
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-11-09 18:01:39 UTC
Type: Feature Request
Target Upstream Version:
Embargoed:
pm-rhel: mirror+

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:4191 0 None None None 2021-11-09 18:02:15 UTC

Description David Vossel 2021-06-03 17:05:02 UTC 
Description of problem:

https://bugzilla.redhat.com/show_bug.cgi?id=1885332 includes a new qemu guest agent api that supports ssh injection. This was shipped in RHEL-AV 8.4. This guest agent api needs to be present for rhel 8.4 guests that are not using the RHEL-AV packages as well
Comment 2 John Ferlan 2021-06-04 12:37:41 UTC 
Looks like we need backports for RHEL 8.5.0 and then eventually a zstream for 8.4.0
Comment 3 Marc-Andre Lureau 2021-06-06 19:41:29 UTC 
backport patches ready to be submitted:
https://gitlab.com/marcandre.lureau-rh/qemu-kvm/-/tree/rhbz-1967716
Comment 4 Fabian Deutsch 2021-06-07 14:15:11 UTC 
Quick q: How is the guest agent delivered these days on RHEL?Using an RPM or container?
Comment 5 John Ferlan 2021-06-08 13:47:16 UTC 
Changing to ASSIGNED since patches aren't posted downstream yet

I believe Fabian's question was answered in the Virt/CNV meeting by Martin - essentially it was a RHV mechanism until RHCOS added guest agent.

Once patches are posted to rhvirt-patches the DTM would need to be adjusted
Comment 6 Marc-Andre Lureau 2021-06-08 16:01:46 UTC 
please qa ack
Comment 7 Marc-Andre Lureau 2021-06-09 10:07:15 UTC 
sent "[RHEL-8.5.0 qemu-kvm PATCH 0/4] qga: public ssh injection api support"
Comment 10 Yanan Fu 2021-07-29 14:25:04 UTC 
QE bot(pre verify): Set 'Verified:Tested,SanityOnly' as gating/tier1 test pass.
Comment 11 dehanmeng 2021-07-30 02:40:05 UTC 
Verify with version qemu-kvm-4.2.0-56.module+el8.5.0+12039+0434c559

Steps to Verify:
1.Start guest with virtio serial and start guest agent inside the guest 
2.Connect to the chardev socket in host side for sending following command to the guest:
# nc -U /tmp/qga.sock 
{"execute":"guest-ping"}
{"return": {}}
3.Off the selinux permission in guest:
#setenforce 0 
4.create a user in guest:
#useradd fedora
5.issue cmds in the unix socked,cmds like following items:
{"execute": "guest-ssh-add-authorized-keys", "arguments": { "username": "fedora", "keys": ["ssh-rsa aaa"]}}
{"return": {}}

$cat .ssh/authorized_keys
ssh-rsa aaa
{"execute":"guest-ssh-get-authorized-keys","arguments":{"username":"fedora" }}
{"return": {"keys": ["ssh-rsa aaa"]}}

{"execute": "guest-ssh-add-authorized-keys", "arguments": { "username": "fedora", "keys": [ "ssh-rsa aaa", "ssh-rsa bbb" ] } }
{"return": {}}
$cat .ssh/authorized_keys
ssh-rsa aaa
ssh-rsa bbb


{"execute": "guest-ssh-remove-authorized-keys", "arguments": { "username": "fedora", "keys": [ "ssh-rsa bbb", "ssh-rsa ccc" ] } }
{"return": {}}
$cat .ssh/authorized_keys
ssh-rsa aaa

{"execute":"guest-ssh-add-authorized-keys","arguments":{"username": "fedora", "keys": ["aaa"], "reset": true }}                  
{"return": {}}

$cat .ssh/authorized_keys
aaa
{"execute":"guest-ssh-get-authorized-keys","arguments":{"username":"fedora" }}
{"return": {"keys": ["aaa"]}}

Actual result:
Commands running well and no errors.
Expected result:
Commands running well and no errors.
Comment 14 errata-xmlrpc 2021-11-09 18:01:39 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:4191
Note You need to log in before you can comment on or make changes to this bug.