RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 2027673 - V2V can't convert guest from VMware via vmx+ssh when openssh version is 8.7p1-5
Summary: V2V can't convert guest from VMware via vmx+ssh when openssh version is 8.7p1-5
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: virt-v2v
Version: 9.0
Hardware: x86_64
OS: Unspecified
urgent
urgent
Target Milestone: rc
: ---
Assignee: Virtualization Maintenance
QA Contact: mxie@redhat.com
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-11-30 12:16 UTC by mxie@redhat.com
Modified: 2022-05-17 13:43 UTC (History)
12 users (show)

Fixed In Version: virt-v2v-1.45.92-1.el9
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-05-17 13:41:56 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-104279 0 None None None 2021-11-30 12:17:24 UTC
Red Hat Product Errata RHEA-2022:2566 0 None None None 2022-05-17 13:42:10 UTC

Description mxie@redhat.com 2021-11-30 12:16:36 UTC 
Description of problem:
V2V can't convert guest from VMware via vmx+ssh when openssh version is 8.7p1-5

Version-Release number of selected component (if applicable):
openssh-clients-8.7p1-5.el9.x86_64
virt-v2v-1.45.91-1.el9.x86_64 
libguestfs-1.46.0-5.el9.x86_64
guestfs-tools-1.46.1-5.el9.x86_64    
nbdkit-1.28.2-2.el9.x86_64
libvirt-libs-7.9.0-1.el9.x86_64
qemu-img-6.1.0-7.el9.x86_64

How reproducible:
100%

Steps to Reproduce:
1.Convert guest from VMware via vmx+ssh by v2v

#virt-v2v -i vmx -it ssh ssh://root.75.219/vmfs/volumes/esx6.7-matrix/esx6.7-rhel8.4-x86_64/esx6.7-rhel8.4-x86_64.vmx -o rhv-upload -of qcow2 -oc https://dell-per740-22.lab.eng.pek2.redhat.com/ovirt-engine/api -op /home/rhvpasswd  -os nfs_data  -b ovirtmgmt  -ip /home/esxpw -v -x
helper-v2v-input --version >/dev/null 2>&1
helper-v2v-output --version >/dev/null 2>&1
running input helper: 'helper-v2v-input' '/tmp/v2v.P42AJb' '-v' '-x' '--program-name=virt-v2v' '-im' 'vmx' '-it' 'ssh' '-ip' '/home/esxpw' 'ssh://root.75.219/vmfs/volumes/esx6.7-matrix/esx6.7-rhel8.4-x86_64/esx6.7-rhel8.4-x86_64.vmx'
LANG=C scp -T |& grep "unknown option"
scp -T 'root'@'10.73.75.219':''\''/vmfs/volumes/esx6.7-matrix/esx6.7-rhel8.4-x86_64/esx6.7-rhel8.4-x86_64.vmx'\''' '/tmp/vmx.nhpI8d/source.vmx'
File "'/vmfs/volumes/esx6.7-matrix/esx6.7-rhel8.4-x86_64/esx6.7-rhel8.4-x86_64.vmx'" not found.
Failed to download file ''/vmfs/volumes/esx6.7-matrix/esx6.7-rhel8.4-x86_64/esx6.7-rhel8.4-x86_64.vmx''
virt-v2v: error: could not copy the VMX file from the remote server, see 
earlier error messages
rm -rf '/tmp/vmx.nhpI8d'



Actual results:
As above description

Expected results:
V2V can convert guest from VMware via vmx+ssh successfully

Additional info:
If downgrade openssh to 8.6p1-7, v2v can convert guest from VMware via vmx+ssh successfully

# rpm -qa |grep openssh
openssh-8.6p1-7.el9.x86_64
openssh-clients-8.6p1-7.el9.x86_64
openssh-server-8.6p1-7.el9.x86_64

#  virt-v2v -i vmx -it ssh ssh://root.75.219/vmfs/volumes/esx6.7-matrix/esx6.7-rhel8.4-x86_64/esx6.7-rhel8.4-x86_64.vmx -o rhv-upload -of qcow2 -oc https://dell-per740-22.lab.eng.pek2.redhat.com/ovirt-engine/api -op /home/rhvpasswd  -os nfs_data  -b ovirtmgmt  -ip /home/esxpw
[   0.0] Opening the source
[  11.0] Inspecting the source
[  21.7] Checking for sufficient free disk space in the guest
[  21.7] Converting Red Hat Enterprise Linux 8.4 (Ootpa) to run on KVM
virt-v2v: This guest has virtio drivers installed.
[ 107.1] Mapping filesystem data to avoid copying unused and blank areas
[ 108.7] Closing the overlay
[ 109.0] Assigning disks to buses
[ 109.0] Checking if the guest needs BIOS or UEFI to boot
[ 132.2] Copying disk 1/1
^C 11% [*****-----------------------------------]
Comment 1 Richard W.M. Jones 2021-11-30 12:37:10 UTC 
I knew about this one but haven't fixed it yet.  It's related to this change in openssh
which changed how quoting happens on the command line:

https://github.com/openssh/openssh-portable/commit/197e29f1cca190d767c4b2b63a662f9a9e5da0b3

That change only happened upstream in OpenSSH 8.8, but in Fedora and RHEL 9
we're carrying a downstream-only patch which enables it:

https://gitlab.com/redhat/centos-stream/rpms/openssh/-/blob/c9s/openssh-8.7p1-sftp-default-protocol.patch

The fix involves changing this code so it doesn't do the double quoting:

https://github.com/libguestfs/virt-v2v/blob/e626913907ab89e325174b4588e585730f277437/input/parse_domain_from_vmx.ml#L86

(There may be other places where the change needs to be made)

Note this change would be incompatible with OpenSSH upstream versions < 8.8.
Comment 2 Richard W.M. Jones 2021-11-30 13:55:31 UTC 
Upstream fix:
https://github.com/libguestfs/virt-v2v/commit/e2af12ba69c4463bb73d30db63290a887cdd41eb
Comment 3 Laszlo Ersek 2021-11-30 14:03:06 UTC 
I think there are three cases to support:

- if option "M" is known: use "-M sftp", no double quoting
- else, if option "T" is known: use "-T", with double quoting (bug 1733168)
- otherwise, just use double quoting
Comment 4 Richard W.M. Jones 2021-11-30 14:08:31 UTC 
I went with "just support openssh 8.8".  Precise reasons given in the
commit message.  Actually it still works with < 8.8 in the case where the
path doesn't need quoting, so it's kind of fine.
Comment 5 Laszlo Ersek 2021-11-30 14:08:53 UTC 
(In reply to Richard W.M. Jones from comment #2)
> Upstream fix:
> https://github.com/libguestfs/virt-v2v/commit/e2af12ba69c4463bb73d30db63290a887cdd41eb

I understand the argument about "latest OpenSSH only". However, my interpretation is different:

(1) I think that we should always pass "-M sftp", because, from <https://github.com/openssh/openssh-portable/commit/197e29f1cca190d767c4b2b63a662f9a9e5da0b3>:

> .It Fl M Ar scp | sftp
> Specifies a mode which will be used to transfer files.
> The default is to use the original
> .Cm scp
> protocol.
> Alternately, experimental support for using the
> .Cm sftp
> protocol is available.

(2) Given "-M sftp", the "-T" option should be a no-op (sftp is not vulnerable to filename tricks), so "-T" should be removed together with the double quoting.
Comment 6 Richard W.M. Jones 2021-11-30 14:13:27 UTC 
About -T, it was added for https://bugzilla.redhat.com/show_bug.cgi?id=1733168
However reading the comments on that bug I agree that we can now drop it.

I didn't spot that upstream, openssh is still defaulting to scp.  Sounds like
we do need -M sftp.  However about this?

diff --git a/input/parse_domain_from_vmx.ml b/input/parse_domain_from_vmx.ml
index 05bab40b48..e8bf9d4a74 100644
--- a/input/parse_domain_from_vmx.ml
+++ b/input/parse_domain_from_vmx.ml
@@ -68,7 +68,7 @@ let scp_from_remote_to_temporary uri tmpdir filename =
   let localfile = tmpdir // filename in
 
   let cmd =
-    sprintf "scp -T%s%s %s%s:%s %s"
+    sprintf "scp -M sftp%s%s %s%s:%s %s"
             (if verbose () then "" else " -q")
             (match port_of_uri uri with
              | None -> ""

Just check that works ...
Comment 7 Richard W.M. Jones 2021-11-30 14:13:43 UTC 
s/However/How/
Comment 8 Laszlo Ersek 2021-11-30 14:15:21 UTC 
(In reply to Richard W.M. Jones from comment #1)
> I knew about this one but haven't fixed it yet.  It's related to this change
> in openssh
> which changed how quoting happens on the command line:
> 
> https://github.com/openssh/openssh-portable/commit/197e29f1cca190d767c4b2b63a662f9a9e5da0b3
> 
> That change only happened upstream in OpenSSH 8.8, but in Fedora and RHEL 9
> we're carrying a downstream-only patch which enables it:
> 
> https://gitlab.com/redhat/centos-stream/rpms/openssh/-/blob/c9s/openssh-8.7p1-sftp-default-protocol.patch

The downstream variant of the upstream commit is perplexing:

- it changes the default mode from scp to sftp --> therefore, diverges from upstream, meaning that virt-v2v will work differently against upstream scp vs. downstream scp, unless we force sftp mode explicitly

- it removes an option called "-s", which I guess used to be the downstream-only guesswork of what would turn out as "-M sftp" upstream.

- it still does not recognize "-M sftp".
Comment 9 Laszlo Ersek 2021-11-30 14:17:28 UTC 
(In reply to Richard W.M. Jones from comment #6)
> About -T, it was added for
> https://bugzilla.redhat.com/show_bug.cgi?id=1733168
> However reading the comments on that bug I agree that we can now drop it.
> 
> I didn't spot that upstream, openssh is still defaulting to scp.  Sounds like
> we do need -M sftp.  However about this?
> 
> diff --git a/input/parse_domain_from_vmx.ml b/input/parse_domain_from_vmx.ml
> index 05bab40b48..e8bf9d4a74 100644
> --- a/input/parse_domain_from_vmx.ml
> +++ b/input/parse_domain_from_vmx.ml
> @@ -68,7 +68,7 @@ let scp_from_remote_to_temporary uri tmpdir filename =
>    let localfile = tmpdir // filename in
>  
>    let cmd =
> -    sprintf "scp -T%s%s %s%s:%s %s"
> +    sprintf "scp -M sftp%s%s %s%s:%s %s"
>              (if verbose () then "" else " -q")
>              (match port_of_uri uri with
>               | None -> ""
> 
> Just check that works ...

This looks good to me, *assuming* downstream scp actually understand "-M sftp". From <https://gitlab.com/redhat/centos-stream/rpms/openssh/-/blob/c9s/openssh-8.7p1-sftp-default-protocol.patch>, that doesn't seem to be the case. (Well I guess once RHEL / c9s adopts OpenSSH 8.8, virt-v2v will "start" working, but until then, we'll need a downstream-only change in virt-v2v too.)
Comment 10 Richard W.M. Jones 2021-11-30 14:17:49 UTC 
My patch above doesn't work because the -M option doesn't exist any more.  It's now
-O (old) or -s (sftp), and the documentation says that -s will be removed "soon" and
should not be used in scripts!

I think what we have might be OK.
Comment 11 Laszlo Ersek 2021-11-30 14:25:19 UTC 
Do we expect that "scp" default to the sftp method on all distros, starting with OpenSSH 8.8?

(If that's the case, -T still seems superfluous...)
Comment 12 Richard W.M. Jones 2021-11-30 14:38:13 UTC 
Debian isn't carrying any downstream patches related to this, but at the same
time is only on 8.7 (8.8 was released 2 months ago):
https://sources.debian.org/patches/openssh/1:8.7p1-2/

My guess therefore is that Debian will eventually move to 8.8 which defaults
to the old protocol and has the -O / -s flags.

Ubuntu is likely to follow Debian.

Arch has 8.8 and seems vanilla, so same as Debian.
https://github.com/archlinux/svntogit-packages/tree/packages/openssh/trunk

So probably this change will not work on Debian/Ubuntu/Arch *if* the filename
has spaces / quotable characters, but also there's no change I can see that
will make it compatible with those and RHEL/Fedora.
Comment 13 Richard W.M. Jones 2021-11-30 14:40:02 UTC 
And yes I agree that -T is superfluous, but only when all distros move to sftp.
We can leave it there for the moment.
Comment 14 Laszlo Ersek 2021-11-30 16:38:58 UTC 
OK, thanks!
Comment 15 mxie@redhat.com 2021-12-06 07:29:05 UTC 
Test the bug with below builds:
virt-v2v-1.45.93-1.el9.x86_64
libguestfs-1.46.0-5.el9.x86_64
guestfs-tools-1.46.1-5.el9.x86_64
nbdkit-1.28.2-2.el9.x86_64
libvirt-libs-7.9.0-1.el9.x86_64
qemu-img-6.1.0-7.el9.x86_64
openssh-8.7p1-5.el9.x86_64

Steps:
1.Update virt-v2v to latest version, openssh version will be updated with virt-v2v
# yum update virt-v2v -y
.....
Last metadata expiration check: 1:00:32 ago on Mon 06 Dec 2021 01:58:39 PM CST.
virt-v2v-1.45.93-1.el9.x86_64.rpm                                                        380 kB/s | 1.2 MB     00:03    
Dependencies resolved.
=========================================================================================================================
 Package                        Architecture          Version                          Repository                   Size
=========================================================================================================================
Upgrading:
 openssh                        x86_64                8.7p1-5.el9                      rhel9-base                  452 k
 openssh-clients                x86_64                8.7p1-5.el9                      rhel9-base                  700 k
 openssh-server                 x86_64                8.7p1-5.el9                      rhel9-base                  459 k
 virt-v2v                       x86_64                1:1.45.93-1.el9                  @commandline                1.2 M

Transaction Summary
=========================================================================================================================
Upgrade  4 Packages
.......

# rpm -Rq virt-v2v-1.45.93-1.el9.x86_64 |grep openssh
openssh-clients >= 8.7p1

2.Convert guest from VMware via vmx+ssh by v2v
# virt-v2v -i vmx -it ssh ssh://root.75.219/vmfs/volumes/esx6.7-matrix/esx6.7-rhel8.4-x86_64/esx6.7-rhel8.4-x86_64.vmx -o rhv-upload -of qcow2 -oc https://dell-per740-22.lab.eng.pek2.redhat.com/ovirt-engine/api -op /home/rhvpasswd  -os nfs_data  -b ovirtmgmt  -ip /home/esxpw
[  24.4] Opening the source
[  35.8] Inspecting the source
[  46.5] Checking for sufficient free disk space in the guest
[  46.5] Converting Red Hat Enterprise Linux 8.4 (Ootpa) to run on KVM
virt-v2v: This guest has virtio drivers installed.
[ 130.1] Mapping filesystem data to avoid copying unused and blank areas
[ 131.6] Closing the overlay
[ 131.9] Assigning disks to buses
[ 131.9] Checking if the guest needs BIOS or UEFI to boot
[ 131.9] Copying disk 1/1
█ 100% [****************************************]
[ 378.6] Creating output metadata
[ 441.1] Finishing off

3. Check the guest after v2v conversion, the checkpoints of guest are passed
Comment 17 mxie@redhat.com 2022-01-19 15:29:44 UTC 
Verify the bug with below builds:
virt-v2v-1.45.97-1.el9.x86_64
libguestfs-1.46.1-2.el9.x86_64
guestfs-tools-1.46.1-6.el9.x86_64
libvirt-libs-8.0.0-1.el9.x86_64
qemu-img-6.2.0-4.el9.x86_64
nbdkit-1.28.4-2.el9.x86_64
libnbd-1.10.3-1.el9.x86_64
openssh-8.7p1-6.el9.x86_64

Steps:
1.Check the dependence status of virt-v2v about openssh
# rpm -Rq virt-v2v-1.45.97-1.el9.x86_64 |grep openssh
openssh-clients >= 8.7p1

2.Convert guest from VMware via vmx+ssh by v2v
# virt-v2v -i vmx -it ssh ssh://root.75.219/vmfs/volumes/esx6.7-matrix/esx6.7-rhel8.5-x86_64/esx6.7-rhel8.5-x86_64.vmx -o rhv-upload -of qcow2 -oc https://dell-per740-22.lab.eng.pek2.redhat.com/ovirt-engine/api -op /home/rhvpasswd  -os nfs_data  -b ovirtmgmt  -ip /home/esxpw
[   1.7] Opening the source
[  10.1] Inspecting the source
[  24.4] Checking for sufficient free disk space in the guest
[  24.4] Converting Red Hat Enterprise Linux 8.5 (Ootpa) to run on KVM
virt-v2v: This guest has virtio drivers installed.
[ 162.1] Mapping filesystem data to avoid copying unused and blank areas
[ 164.6] Closing the overlay
[ 164.9] Assigning disks to buses
[ 164.9] Checking if the guest needs BIOS or UEFI to boot
[ 177.8] Copying disk 1/1
█ 100% [****************************************]
[ 890.3] Creating output metadata
[ 953.4] Finishing off

3. Check the guest after v2v conversion, the checkpoints of guest are passed except bug2042479

Result:
   The bug has been fixed, move bug from ON_QA to VERIFIED
Comment 19 errata-xmlrpc 2022-05-17 13:41:56 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: virt-v2v), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2022:2566
Note You need to log in before you can comment on or make changes to this bug.