RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 671094 - Cannot convert VM to libvirt with non-root user
Summary: Cannot convert VM to libvirt with non-root user
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: virt-v2v
Version: 6.1
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: rc
: ---
Assignee: Matthew Booth
QA Contact: Virtualization Bugs
URL:
Whiteboard:
: 701920 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-01-20 10:08 UTC by Rita Wu
Modified: 2013-07-03 01:42 UTC (History)
7 users (show)

Fixed In Version: virt-v2v-0.8.2-2.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-12-06 15:07:54 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1615 0 normal SHIPPED_LIVE Low: virt-v2v security and bug fix update 2011-12-06 00:51:05 UTC

Description Rita Wu 2011-01-20 10:08:36 UTC 
Description of problem:
Cannot convert ESX VM to libvirt with non-root user and /home/$non-root/.netrc. If it is the expected result, then the manual page should be updated to emphasis this and also the path of netrc should be changed to root/.netrc. 

man virt-v2v:
virt-v2v supports password authentication when connecting to ESX. It reads passwords from $HOME/.netrc.

Version-Release number of selected component (if applicable):
virt-v2v-0.7.0-1.el6.x86_64
libguestfs-1.7.17-11.el6.x86_64
libguestfs-tools-1.7.17-11.el6.x86_64
libvirt-0.8.7-2.el6.x86_64


How reproducible:
always

Steps to Reproduce:

1. Create ~/.netrc with non-root user and set permission to 600
[root@dhcp-66-92-183 /]# su - wll
[wll@dhcp-66-92-183 ~]$ ll ~/.netrc 
-rw-------. 1 wll wll 51 Jan 14 13:56 /home/wll/.netrc

2. Convert an ESX VM to libvirt pool with non-root user 

[wll@dhcp-66-92-183 ~]$ virsh pool-list --all
Name                 State      Autostart 
-----------------------------------------
dir_pool             active     no        

[wll@dhcp-66-92-183 ~]$ virt-v2v -ic esx://10.66.72.149/?no_verify=1 -op dir_pool ESX4.0-rhel5u6-64b
virt-v2v: Failed to connect to qemu:///system: libvirt error code: 45, message: authentication failed



  
Actual results:
Fail to connect to ESX server.

Expected results:
Emphasis only root user can convert ESX VM to libvirt in man virt-v2v  or convert successfully with non-root user 



Additional info:
V2V can connect to ESX server with root user and /root/.netrc. 

[root@dhcp-66-92-183 /]# ll ~/.netrc 
-rw-------. 1 root root 53 Dec  2 13:59 /root/.netrc
[root@dhcp-66-92-183 /]# virt-v2v -ic esx://10.66.72.149/?no_verify=1 -o rhev -osd 10.66.90.115:/vol/v2vrwu1/xen_export ESX4.0-rhel5u6-64b
Guessing terminal width due to problem with Term::ReadKey
terminal width 50 too small for bar; defaulting to 10
ESX4.0-rhel5u6-64b_ESX4.0-rhel5u6-64b:   2% [= *       ]7m20s Left^Cvirt-v2v: Received signal INT. Exiting.
Comment 2 Matthew Booth 2011-02-11 11:04:37 UTC 
I don't think this has anything to do with ESX. I believe this would be the behaviour when converting any guest to this target.

Note that the libvirt connection which is failing is to qemu:///system, which is the local system connection. No error is given about the esx connection, which I would expect to succeed.

In order to do this as non-root, you'd need to change the output connection type to qemu:///session, and write to a pool defined against the local session which the current user has write access to. This scenario is currently of pretty limited value, so we haven't spent much time on it.

I think we could improve the error message, but until there's capacity to test this properly I'm inclined to just continue recommending that virt-v2v is run as root.
Comment 4 Matthew Booth 2011-06-10 08:56:50 UTC 
*** Bug 701920 has been marked as a duplicate of this bug. ***
Comment 5 Matthew Booth 2011-07-28 14:35:09 UTC 
This works if you:

* Specify -oc qemu:///session
* Specify a local virt-v2v.conf with a writable location for transfer.iso
* Fudge the domain XML afterwards to specify user mode networking
Comment 6 Huang Wenlong 2011-08-01 05:34:17 UTC 
(In reply to comment #5)
> This works if you:
> 
> * Specify -oc qemu:///session
> * Specify a local virt-v2v.conf with a writable location for transfer.iso
> * Fudge the domain XML afterwards to specify user mode networking

Hi, Matt
Thanks your work around ,I can convert esx guest with -oc qemu:///session  and specify virt-v2v.conf and writable transfer.iso by normal user , I also think it will be better to improve the error message or mention it in the man page for customers.

Wenlong
Comment 7 Matthew Booth 2011-08-09 11:11:54 UTC 
This is fixed upstream is commits:

76b2fe5a0a9289bf950c082a0dccc6c7948d9642
c5234f8c5f7c9518c60b41de2a7377fcfb4c2bcd

When running as non-root, the libvirt output uri will default to qemu:///session. The transfer iso location is now also no longer configurable, and uses the default temporary directory. This means a non-root user doesn't need to specify an alternate location. Networking is still not handled gracefully, though.
Comment 9 tingting zheng 2011-08-22 07:19:15 UTC 
Verified this bug with the following packages:
virt-v2v-0.8.3-1.el6.x86_64
libguestfs-1.7.17-26.el6.x86_64
libvirt-0.9.4-4.el6.x86_64   

Steps:
1. Create ~/.netrc with non-root user and set permission to 600
[root@tzheng-rhevm ~]# su  tzheng
[tzheng@tzheng-rhevm ~]$ ll .netrc 
-rw-------. 1 tzheng tzheng 150 Aug 11 11:13 .netrc


2. Convert an ESX VM to libvirt pool with non-root user 

[tzheng@tzheng-rhevm ~]$ virsh pool-list 
Name                 State      Autostart 
-------------------------------------
tzheng-pool          active     no  
  
[tzheng@tzheng-rhevm ~]$ virt-v2v -oc qemu:///session -ic esx://10.66.72.149/?no_verify=1 -os tzheng-pool -b rhevm esx4.0-rhel5.6-x86_64
ESX4.0-rhel5u6-64b_ESX4.0-rhel5u6-64b: 100% [=====================================================================]D 0h12m56s
virt-v2v: esx4.0-rhel5.6-x86_64 configured with virtio drivers.
Comment 10 errata-xmlrpc 2011-12-06 15:07:54 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1615.html
Note You need to log in before you can comment on or make changes to this bug.