Bug 2158300
| Summary: | Improve error message when PasswordAuthentication is set to 'no' on VMware server | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | mxie <mxie> |
| Component: | nbdkit | Assignee: | Richard W.M. Jones <rjones> |
| Status: | CLOSED ERRATA | QA Contact: | mxie <mxie> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 9.2 | CC: | chhu, eblake, hongzliu, juzhou, lersek, mzhan, rjones, tyan, tzheng, virt-maint, vwu, xiaodwan |
| Target Milestone: | rc | Keywords: | Triaged |
| Target Release: | --- | Flags: | pm-rhel:
mirror+
|
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | nbdkit-1.32.5-4.el9 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-05-09 07:47:50 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Deadline: | 2023-01-16 | ||
Can't reproduce the bug on rhel8.8
virt-v2v-1.42.0-21.module+el8.8.0+16781+9f4724c2.x86_64
libguestfs-1.44.0-9.module+el8.8.0+16781+9f4724c2.x86_64
nbdkit-server-1.24.0-5.module+el8.8.0+17308+05924798.x86_64
libnbd-1.6.0-5.module+el8.8.0+16781+9f4724c2.x86_64
libvirt-libs-8.0.0-13.module+el8.8.0+17719+f18c2d1b.x86_64
qemu-img-6.2.0-28.module+el8.8.0+17721+63bacee8.x86_64
# virt-v2v -i vmx -it ssh ssh://root.212.36/vmfs/volumes/esx8.0-matrix/esx8.0-rhel9.2-x86_64/esx8.0-rhel9.2-x86_64.vmx
[ 0.0] Opening the source -i vmx ssh://root.212.36/vmfs/volumes/esx8.0-matrix/esx8.0-rhel9.2-x86_64/esx8.0-rhel9.2-x86_64.vmx
[ 1.6] Creating an overlay to protect the source from being modified
[ 1.9] Opening the overlay
[ 65.2] Inspecting the overlay
[ 72.4] Checking for sufficient free disk space in the guest
[ 72.4] Estimating space required on target for each disk
[ 72.4] Converting Red Hat Enterprise Linux 9.2 Beta (Plow) to run on KVM
virt-v2v: This guest has virtio drivers installed.
[ 174.6] Mapping filesystem data to avoid copying unused and blank areas
[ 175.2] Closing the overlay
[ 175.5] Assigning disks to buses
[ 175.5] Checking if the guest needs BIOS or UEFI to boot
[ 175.5] Initializing the target -o libvirt -os default
[ 175.6] Copying disk 1/1 to /var/lib/libvirt/images/esx8.0-rhel9.2-x86_64-sda (raw)
(100.00/100%)
[ 350.5] Creating output metadata
[ 350.6] Finishing off
The reason is shown in the debug output:
nbdkit: ssh[1]: debug: authentication methods offered by the server [0x14]: publickey keyboard-interactive
Because we're trying password authentication, not SSH agent ("publickey")
we would expect the server to offer something more like this:
nbdkit: ssh[1]: debug: authentication methods offered by the server [0x26]: password publickey gssapi-with-mic
where we could use "password" to do password authentication.
One way to fix this would be to edit /etc/ssh/sshd_config (on the
server) and change:
PasswordAuthentication yes # originally set to "no"
Note this is already mentioned in the documentation:
https://libguestfs.org/virt-v2v-input-vmware.1.html#vmx:-access-to-the-storage-containing-the-vmx-and-vmdk-files
We might make this a bit clearer, for example by including the
actual error and debug messages in the docs.
The reason it works for RHEL 8.8 is a bit mysterious. However I think
we were using the qemu ssh client (instead of nbdkit) so maybe it behaves
differently, or maybe you have SSH agent set up on that client.
> We might make this a bit clearer, for example by including the
actual error and debug messages in the docs.
Or the error from nbdkit could be better too ...
Potential improvement to nbdkit error message: https://listman.redhat.com/archives/libguestfs/2023-January/030448.html Changing the component because the proposed fix is in nbdkit. Upstream in: https://gitlab.com/nbdkit/nbdkit/-/commit/c93a8957efcc26652b31f5bc359dfd3c4019b4f8 https://gitlab.com/nbdkit/nbdkit/-/commit/bea88cff5ac9c42f1a068ad24d43d5ed0506edaa Test the bug with below builds:
virt-v2v-2.0.7-7.el9.x86_64
nbdkit-server-1.32.5-2.el9.x86_64
Steps:
1.Log into the VMware server to set "PasswordAuthentication no".
#cat /etc/ssh/sshd_config |grep PasswordAuthentication
PasswordAuthentication no
2.Convert a guest from VMware server by v2v with SSH password authentication
# virt-v2v -i vmx -it ssh ssh://root.212.36/vmfs/volumes/esx8.0-matrix/esx8.0-rhel9.2-x86_64/esx8.0-rhel9.2-x86_64.vmx -ip /home/passwd -o null
[ 0.0] Setting up the source: -i vmx ssh://root.212.36/vmfs/volumes/esx8.0-matrix/esx8.0-rhel9.2-x86_64/esx8.0-rhel9.2-x86_64.vmx
(root.212.36) Password:
(root.212.36) Password:
[ 6.3] Opening the source
nbdkit: ssh[1]: error: the server does not offer password authentication but you tried to use a password; if you have root access to the server, try editing 'sshd_config' and setting 'PasswordAuthentication yes'; otherwise try setting up public key authentication
virt-v2v: error: libguestfs error: could not create appliance through
libvirt.
Try running qemu directly without libvirt using this environment variable:
export LIBGUESTFS_BACKEND=direct
Original error from libvirt: internal error: process exited while
connecting to monitor: 2023-01-09T08:06:17.007683Z qemu-kvm: -blockdev
{"driver":"nbd","server":{"type":"unix","path":"/tmp/v2v.dQxsPi/in0"},"node-name":"libvirt-2-storage","cache":{"direct":false,"no-flush":true},"auto-read-only":true,"discard":"unmap"}:
Requested export not available [code=1 int1=-1]
If reporting bugs, run virt-v2v with debugging enabled and include the
complete output:
virt-v2v -v -x [...]
3.Setup ssh-agent with VMware server
#cat ~/.ssh/id_rsa.pub | ssh root.212.36 "cat >> /etc/ssh/keys-root/authorized_keys"
#eval `ssh-agent`
#ssh-add
4.Convert a guest from VMware server by v2v with ssh-agent authentication
# virt-v2v -i vmx -it ssh ssh://root.212.36/vmfs/volumes/esx8.0-matrix/esx8.0-rhel9.2-x86_64/esx8.0-rhel9.2-x86_64.vmx -o null
[ 0.0] Setting up the source: -i vmx ssh://root.212.36/vmfs/volumes/esx8.0-matrix/esx8.0-rhel9.2-x86_64/esx8.0-rhel9.2-x86_64.vmx
[ 1.7] Opening the source
[ 6.3] Inspecting the source
[ 13.2] Checking for sufficient free disk space in the guest
[ 13.2] Converting Red Hat Enterprise Linux 9.2 Beta (Plow) to run on KVM
virt-v2v: This guest has virtio drivers installed.
[ 114.7] Mapping filesystem data to avoid copying unused and blank areas
[ 115.9] Closing the overlay
[ 116.2] Assigning disks to buses
[ 116.2] Checking if the guest needs BIOS or UEFI to boot
[ 116.2] Setting up the destination: -o null
[ 117.4] Copying disk 1/1
█ 100% [****************************************]
[ 216.7] Creating output metadata
[ 216.7] Finishing off
Result:
The error message is clearer when ssh password authentication method fails
Verify the bug with below builds, test steps are same with comment10, no new problem was found, move the bug from ON_QA to VERIFIED virt-v2v-2.2.0-1.el9.x86_64 nbdkit-1.32.5-3.el9.x86_64 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (nbdkit bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2023:2347 |
Description of problem: Virt-v2v can't convert guest from ESXi8.0 host via vmx+ssh Version-Release number of selected component (if applicable): virt-v2v-2.0.7-7.el9.x86_64 libguestfs-1.48.4-4.el9.x86_64 guestfs-tools-1.48.2-8.el9.x86_64 libvirt-libs-8.10.0-2.el9.x86_64 qemu-img-7.2.0-3.el9.x86_64 nbdkit-server-1.32.5-1.el9.x86_64 libnbd-1.14.2-1.el9.x86_64 How reproducible: 100% Steps to Reproduce: 1.Convert a guest from ESXi8.0 host via vmx+ssh by v2v # virt-v2v -i vmx -it ssh ssh://root.212.36/vmfs/volumes/esx8.0-matrix/esx8.0-rhel9.2-x86_64/esx8.0-rhel9.2-x86_64.vmx -ip /home/esxpwd [ 0.0] Setting up the source: -i vmx ssh://root.212.36/vmfs/volumes/esx8.0-matrix/esx8.0-rhel9.2-x86_64/esx8.0-rhel9.2-x86_64.vmx (root.212.36) Password: (root.212.36) Password: [ 6.3] Opening the source nbdkit: ssh[1]: error: all possible authentication methods failed virt-v2v: error: libguestfs error: could not create appliance through libvirt. Try running qemu directly without libvirt using this environment variable: export LIBGUESTFS_BACKEND=direct Original error from libvirt: internal error: process exited while connecting to monitor: 2023-01-04T15:56:55.558596Z qemu-kvm: -blockdev {"driver":"nbd","server":{"type":"unix","path":"/tmp/v2v.rewGKS/in0"},"node-name":"libvirt-2-storage","cache":{"direct":false,"no-flush":true},"auto-read-only":true,"discard":"unmap"}: Requested export not available [code=1 int1=-1] If reporting bugs, run virt-v2v with debugging enabled and include the complete output: virt-v2v -v -x [...] Actual results: As above description Expected results: v2v can convert guest from ESXi8.0 host via vmx+ssh Additional info: v2v can convert guest from ESXi7.0 host via vmx+ssh # virt-v2v -i vmx -it ssh ssh://root.212.38/vmfs/volumes/esx7.0-matrix/esx7.0-rhel9.2-x86_64/esx7.0-rhel9.2-x86_64.vmx -ip /home/esxpwd -o null [ 0.0] Setting up the source: -i vmx ssh://root.212.38/vmfs/volumes/esx7.0-matrix/esx7.0-rhel9.2-x86_64/esx7.0-rhel9.2-x86_64.vmx (root.212.38) Password: (root.212.38) Password: [ 7.0] Opening the source [ 11.6] Inspecting the source [ 18.5] Checking for sufficient free disk space in the guest [ 18.5] Converting Red Hat Enterprise Linux 9.2 Beta (Plow) to run on KVM virt-v2v: This guest has virtio drivers installed. [ 121.4] Mapping filesystem data to avoid copying unused and blank areas [ 122.5] Closing the overlay [ 122.8] Assigning disks to buses [ 122.8] Checking if the guest needs BIOS or UEFI to boot [ 122.8] Setting up the destination: -o null [ 124.0] Copying disk 1/1 █ 100% [****************************************] [ 217.5] Creating output metadata [ 217.5] Finishing off