import virt-v2v-2.0.7-6.el9

This commit is contained in:
CentOS Sources 2022-11-15 01:33:07 -05:00 committed by Stepan Oksanichenko
parent ef07c9e8af
commit 33a40cfdcc
46 changed files with 3645 additions and 1018 deletions

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/libguestfs.keyring
SOURCES/virt-v2v-1.45.99.tar.gz
SOURCES/virt-v2v-2.0.7.tar.gz

View File

@ -1,2 +1,2 @@
1bbc40f501a7fef9eef2a39b701a71aee2fea7c4 SOURCES/libguestfs.keyring
23d3b578404a991563d2af88d3118cdbce27a110 SOURCES/virt-v2v-1.45.99.tar.gz
2d898dc22eca44c9d73d664dc7e901fe437570bc SOURCES/virt-v2v-2.0.7.tar.gz

View File

@ -1,4 +1,4 @@
From 5b3653332be7b739755f53cca19ce10768585a61 Mon Sep 17 00:00:00 2001
From d7c0992dfb11982d96cac8e279c454d82787918a Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Sun, 28 Sep 2014 19:14:43 +0100
Subject: [PATCH] RHEL: v2v: Select correct qemu binary for -o qemu mode
@ -16,7 +16,7 @@ support cases.
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/output/output_qemu.ml b/output/output_qemu.ml
index f8d2e171..700de058 100644
index 3269fba5..7f2e9284 100644
--- a/output/output_qemu.ml
+++ b/output/output_qemu.ml
@@ -137,7 +137,7 @@ module QEMU = struct
@ -28,6 +28,3 @@ index f8d2e171..700de058 100644
let flag = Qemuopts.flag cmd
and arg = Qemuopts.arg cmd
--
2.31.1

View File

@ -1,4 +1,4 @@
From b896dab3d8d4226b246e2e90d07235a38b6c8a79 Mon Sep 17 00:00:00 2001
From 610f53a67a0804ee76e9213c503b7bb00dd722b8 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 30 Sep 2014 10:50:27 +0100
Subject: [PATCH] RHEL: v2v: Disable the --qemu-boot / -oo qemu-boot option
@ -17,7 +17,7 @@ qemu script.
4 files changed, 5 insertions(+), 18 deletions(-)
diff --git a/docs/virt-v2v-output-local.pod b/docs/virt-v2v-output-local.pod
index a5f155cb..3a2e6238 100644
index d2a1c270..0be37f5e 100644
--- a/docs/virt-v2v-output-local.pod
+++ b/docs/virt-v2v-output-local.pod
@@ -9,7 +9,7 @@ or libvirt
@ -27,9 +27,9 @@ index a5f155cb..3a2e6238 100644
- virt-v2v [-i* options] -o qemu -os DIRECTORY [--qemu-boot]
+ virt-v2v [-i* options] -o qemu -os DIRECTORY
virt-v2v [-i* options] -o json -os DIRECTORY
[-oo json-disks-pattern=PATTERN]
@@ -50,12 +50,10 @@ where C<NAME> is the guest name.
virt-v2v [-i* options] -o null
@@ -47,12 +47,10 @@ where C<NAME> is the guest name.
=item B<-o qemu -os> C<DIRECTORY>
@ -41,13 +41,13 @@ index a5f155cb..3a2e6238 100644
-run, I<unless> you also add the I<--qemu-boot> option.
+run.
=item B<-o json -os> C<DIRECTORY>
=item B<-o null>
diff --git a/docs/virt-v2v.pod b/docs/virt-v2v.pod
index f50d27a0..9b1e44a1 100644
index 4e912b6c..7d0bafff 100644
--- a/docs/virt-v2v.pod
+++ b/docs/virt-v2v.pod
@@ -140,11 +140,6 @@ Since F<guest-domain.xml> contains the path(s) to the guest disk
@@ -139,11 +139,6 @@ Since F<guest-domain.xml> contains the path(s) to the guest disk
image(s) you do not need to specify the name of the disk image on the
command line.
@ -59,7 +59,7 @@ index f50d27a0..9b1e44a1 100644
=head1 OPTIONS
=over 4
@@ -509,9 +504,6 @@ This is similar to I<-o local>, except that a shell script is written
@@ -487,9 +482,6 @@ This is similar to I<-o local>, except that a shell script is written
which you can use to boot the guest in qemu. The converted disks and
shell script are written to the directory specified by I<-os>.
@ -69,7 +69,7 @@ index f50d27a0..9b1e44a1 100644
=item B<-o> B<rhev>
This is the same as I<-o rhv>.
@@ -765,10 +757,6 @@ Print information about the source guest and stop. This option is
@@ -743,10 +735,6 @@ Print information about the source guest and stop. This option is
useful when you are setting up network and bridge maps.
See L</Networks and bridges>.
@ -81,7 +81,7 @@ index f50d27a0..9b1e44a1 100644
=item B<--quiet>
diff --git a/output/output_qemu.ml b/output/output_qemu.ml
index 700de058..3ad98a58 100644
index 7f2e9284..527d3c5e 100644
--- a/output/output_qemu.ml
+++ b/output/output_qemu.ml
@@ -63,6 +63,9 @@ module QEMU = struct
@ -95,10 +95,10 @@ index 700de058..3ad98a58 100644
let output_storage =
match options.output_storage with
diff --git a/v2v/v2v.ml b/v2v/v2v.ml
index 7bd47c1e..a66fa285 100644
index 9790416e..97b4e4ec 100644
--- a/v2v/v2v.ml
+++ b/v2v/v2v.ml
@@ -277,8 +277,6 @@ let rec main () =
@@ -270,8 +270,6 @@ let rec main () =
s_"Same as -ip filename";
[ L"print-source" ], Getopt.Set print_source,
s_"Print source and stop";
@ -107,6 +107,3 @@ index 7bd47c1e..a66fa285 100644
[ L"root" ], Getopt.String ("ask|... ", set_root_choice),
s_"How to choose root filesystem";
[ L"vddk-config" ], Getopt.String ("filename", set_input_option_compat "vddk-config"),
--
2.31.1

View File

@ -1,4 +1,4 @@
From 3745743d97bc432854750afd6d04d6391f19bf2f Mon Sep 17 00:00:00 2001
From b61fc893f429eb4bec34816d667cc930e50ccd0f Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Fri, 24 Apr 2015 09:45:41 -0400
Subject: [PATCH] RHEL: Fix list of supported sound cards to match RHEL qemu
@ -9,10 +9,10 @@ Subject: [PATCH] RHEL: Fix list of supported sound cards to match RHEL qemu
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/utils.ml b/lib/utils.ml
index 4c8998c2..7b16dd8b 100644
index 128bb697..7116a4f9 100644
--- a/lib/utils.ml
+++ b/lib/utils.ml
@@ -59,13 +59,14 @@ let kvm_arch = function
@@ -60,13 +60,14 @@ let kvm_arch = function
(* Does qemu support the given sound card? *)
let qemu_supports_sound_card = function
| Types.AC97
@ -29,6 +29,3 @@ index 4c8998c2..7b16dd8b 100644
(* Find the UEFI firmware. *)
let find_uefi_firmware guest_arch =
--
2.31.1

View File

@ -1,4 +1,4 @@
From f7ed42f475271291d126084cb92157974ea274c6 Mon Sep 17 00:00:00 2001
From 5d70bf1302ea3f1006d87672676f86eb5d40eb85 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Sun, 30 Aug 2015 03:21:57 -0400
Subject: [PATCH] RHEL: Fixes for libguestfs-winsupport.
@ -26,10 +26,10 @@ index 87fca725..5e0e6c2b 100644
(* Setting the number of vCPUs allows parallel mkinitrd, but make
* sure this is not too large because each vCPU consumes guest RAM.
diff --git a/convert/windows_virtio.ml b/convert/windows_virtio.ml
index 5254322c..301f7544 100644
index a27cd6a5..183166b7 100644
--- a/convert/windows_virtio.ml
+++ b/convert/windows_virtio.ml
@@ -283,6 +283,7 @@ and copy_from_virtio_win g inspect srcdir destdir filter missing =
@@ -241,6 +241,7 @@ and copy_from_virtio_win g inspect srcdir destdir filter missing =
let g2 =
try
let g2 = open_guestfs ~identifier:"virtio_win" () in
@ -99,6 +99,3 @@ index a4cf191d..1ff41f6a 100755
diff -u "$expected" "$response"
# We also update the Registry several times, for firstboot, and (ONLY
--
2.31.1

View File

@ -1,4 +1,4 @@
From 46c843f5d5f19aad7bbfe155d20d5d9f26f8a030 Mon Sep 17 00:00:00 2001
From 37e241d6d4f22331b34c2ed0af233c73be2b0869 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 2 Mar 2017 14:21:37 +0100
Subject: [PATCH] RHEL: v2v: -i disk: force VNC as display (RHBZ#1372671)
@ -9,7 +9,7 @@ The SDL output mode is not supported in RHEL's qemu-kvm.
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/input/input_disk.ml b/input/input_disk.ml
index 9fd08639..dc3bed6f 100644
index 508adf9d..20f2e898 100644
--- a/input/input_disk.ml
+++ b/input/input_disk.ml
@@ -76,7 +76,7 @@ module Disk = struct
@ -21,6 +21,3 @@ index 9fd08639..dc3bed6f 100644
s_listen = LNoListen; s_port = None };
s_sound = None;
s_disks = s_disks;
--
2.31.1

View File

@ -1,4 +1,4 @@
From 70b8b26867ca0c4a142f3fb436e4dbb66a01f187 Mon Sep 17 00:00:00 2001
From 8ee8aec8739c6c0a4024ad187be56f525e8089c0 Mon Sep 17 00:00:00 2001
From: Pino Toscano <ptoscano@redhat.com>
Date: Wed, 8 Mar 2017 11:03:40 +0100
Subject: [PATCH] RHEL: v2v: do not mention SUSE Xen hosts (RHBZ#1430203)
@ -9,7 +9,7 @@ They are not supported in RHEL.
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/virt-v2v-input-xen.pod b/docs/virt-v2v-input-xen.pod
index c4948e5e..97727b8f 100644
index 8080ebea..ad5772de 100644
--- a/docs/virt-v2v-input-xen.pod
+++ b/docs/virt-v2v-input-xen.pod
@@ -11,7 +11,7 @@ virt-v2v-input-xen - Using virt-v2v to convert guests from Xen
@ -21,6 +21,3 @@ index c4948e5e..97727b8f 100644
=head1 INPUT FROM XEN
--
2.31.1

View File

@ -1,4 +1,4 @@
From fa8028afa670c3575f31b838f1d15ed7ee16f26a Mon Sep 17 00:00:00 2001
From fd0c34d843bb5ba9e1b33e0dfd1250943c760a70 Mon Sep 17 00:00:00 2001
From: Pino Toscano <ptoscano@redhat.com>
Date: Tue, 26 Mar 2019 09:42:25 +0100
Subject: [PATCH] RHEL: point to KB for supported v2v hypervisors/guests
@ -122,6 +122,3 @@ index 9815f51f..1ffc0f9d 100644
=head2 Guest firmware
--
2.31.1

View File

@ -1,4 +1,4 @@
From 95640bac1c00014f94bec5539907fd92d7379ad2 Mon Sep 17 00:00:00 2001
From 14507902a675fd2e0356c0faf67524eb04e974d2 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Wed, 30 Jun 2021 11:15:52 +0100
Subject: [PATCH] RHEL: Disable -o glance
@ -100,10 +100,10 @@ index f5a3abad..1ab356e8 100644
=head1 AUTHOR
diff --git a/docs/virt-v2v.pod b/docs/virt-v2v.pod
index 9b1e44a1..a1e00db8 100644
index 7d0bafff..84e049cc 100644
--- a/docs/virt-v2v.pod
+++ b/docs/virt-v2v.pod
@@ -431,14 +431,6 @@ See L</Networks and bridges> below.
@@ -416,14 +416,6 @@ See L</Networks and bridges> below.
This is the same as I<-o local>.
@ -117,8 +117,8 @@ index 9b1e44a1..a1e00db8 100644
-
=item B<-o> B<json>
Set the output method to I<json>.
@@ -1170,11 +1162,6 @@ and output methods may use disk space, as outlined in the table below.
This option is deprecated and will be removed in S<virt-v2v 2.2>.
@@ -1148,11 +1140,6 @@ and output methods may use disk space, as outlined in the table below.
This temporarily places a full copy of the uncompressed source disks
in C<$VIRT_V2V_TMPDIR> (or F</var/tmp>).
@ -130,7 +130,7 @@ index 9b1e44a1..a1e00db8 100644
=item I<-o local>
=item I<-o qemu>
@@ -1358,13 +1345,6 @@ instance.
@@ -1336,13 +1323,6 @@ instance.
Because of how Cinder volumes are presented as F</dev> block devices,
using I<-o openstack> normally requires that virt-v2v is run as root.
@ -169,10 +169,10 @@ index c0db9115..074b5e16 100755
set -e
set -x
diff --git a/v2v/v2v.ml b/v2v/v2v.ml
index a66fa285..c9ddce36 100644
index 97b4e4ec..41e020cb 100644
--- a/v2v/v2v.ml
+++ b/v2v/v2v.ml
@@ -205,7 +205,6 @@ let rec main () =
@@ -192,7 +192,6 @@ let rec main () =
if !output_mode <> `Not_set then
error (f_"%s option used more than once on the command line") "-o";
match mode with
@ -180,7 +180,7 @@ index a66fa285..c9ddce36 100644
| "libvirt" -> output_mode := `Libvirt
| "disk" | "local" -> output_mode := `Disk
| "json" -> output_mode := `JSON
@@ -257,7 +256,7 @@ let rec main () =
@@ -250,7 +249,7 @@ let rec main () =
s_"Map network in to out";
[ L"no-trim" ], Getopt.String ("-", no_trim_warning),
s_"Ignored for backwards compatibility";
@ -189,7 +189,7 @@ index a66fa285..c9ddce36 100644
s_"Set output mode (default: libvirt)";
[ M"oa" ], Getopt.String ("sparse|preallocated", set_output_alloc),
s_"Set output allocation mode";
@@ -325,8 +324,6 @@ virt-v2v -i libvirtxml guest-domain.xml -o local -os /var/tmp
@@ -318,8 +317,6 @@ virt-v2v -i libvirtxml guest-domain.xml -o local -os /var/tmp
virt-v2v -i disk disk.img -o local -os /var/tmp
@ -198,7 +198,7 @@ index a66fa285..c9ddce36 100644
There is a companion front-end called \"virt-p2v\" which comes as an
ISO or CD image that can be booted on physical machines.
@@ -396,7 +393,6 @@ read the man page virt-v2v(1).
@@ -387,7 +384,6 @@ read the man page virt-v2v(1).
pr "input:libvirtxml\n";
pr "input:ova\n";
pr "input:vmx\n";
@ -206,7 +206,7 @@ index a66fa285..c9ddce36 100644
pr "output:json\n";
pr "output:libvirt\n";
pr "output:local\n";
@@ -486,7 +482,6 @@ read the man page virt-v2v(1).
@@ -481,7 +477,6 @@ read the man page virt-v2v(1).
| `Disk -> (module Output_disk.Disk)
| `Null -> (module Output_null.Null)
| `QEmu -> (module Output_qemu.QEMU)
@ -214,6 +214,3 @@ index a66fa285..c9ddce36 100644
| `Openstack -> (module Output_openstack.Openstack)
| `RHV_Upload -> (module Output_rhv_upload.RHVUpload)
| `RHV -> (module Output_rhv.RHV)
--
2.31.1

View File

@ -1,4 +1,4 @@
From c7c14141d1c985dbba8749f9209b78d96200c2b3 Mon Sep 17 00:00:00 2001
From 1176553cf7a9a7f7961887372757234ffdfae2bd Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 2 Dec 2021 11:56:05 +0000
Subject: [PATCH] RHEL: Remove the --in-place option
@ -6,138 +6,79 @@ Subject: [PATCH] RHEL: Remove the --in-place option
This disables the virt-v2v --in-place option which we do not
wish to support in RHEL.
---
docs/virt-v2v.pod | 49 -----------------------------------------------
docs/virt-v2v.pod | 8 --------
tests/Makefile.am | 1 -
v2v/v2v.ml | 8 --------
2 files changed, 57 deletions(-)
3 files changed, 17 deletions(-)
diff --git a/docs/virt-v2v.pod b/docs/virt-v2v.pod
index a1e00db8..a3fc3dc8 100644
index 84e049cc..7ad22f00 100644
--- a/docs/virt-v2v.pod
+++ b/docs/virt-v2v.pod
@@ -8,10 +8,6 @@ virt-v2v - Convert a guest to use KVM
[-o mode] [other -o* options]
[guest|filename]
@@ -21,9 +21,6 @@ There is also a companion front-end called L<virt-p2v(1)> which comes
as an ISO, CD or PXE image that can be booted on physical machines to
virtualize those machines (physical to virtual, or p2v).
- virt-v2v --in-place
- [-i mode] [other -i* options]
- [guest|filename]
-For in-place conversion, there is a separate tool called
-L<virt-v2v-in-place(1)>.
-
=head1 DESCRIPTION
=head2 Input and Output
Virt-v2v converts a single guest from a foreign hypervisor to run on
@@ -37,12 +33,6 @@ The input and output sides of virt-v2v are separate and unrelated.
You normally run virt-v2v with several I<-i*> options controlling the
@@ -36,10 +33,6 @@ The input and output sides of virt-v2v are separate and unrelated.
Virt-v2v can read from any input and write to any output. Therefore
these sides of virt-v2v are documented separately in this manual.
-Virt-v2v normally copies from the input to the output, called "copying
-mode". In this case the source guest is always left unchanged.
-In-place conversion (I<--in-place>) only uses the I<-i*> options and
-modifies the source guest in-place. (See L</In-place conversion>
-below.)
-In-place conversions may be done using L<virt-v2v-in-place(1)>.
-
=head2 Other virt-v2v topics
L<virt-v2v-support(1)> — Supported hypervisors, virtualization
@@ -289,20 +279,6 @@ For I<-i disk> only, this specifies the format of the input disk
image. For other input methods you should specify the input
format in the metadata.
@@ -1587,7 +1580,6 @@ L<https://rwmj.wordpress.com/2015/09/18/importing-kvm-guests-to-ovirt-or-rhev/#c
=head1 SEE ALSO
-=item B<--in-place>
-
-Do not create an output virtual machine in the target hypervisor.
-Instead, adjust the guest OS in the source VM to run in the input
-hypervisor.
-
-This mode is meant for integration with other toolsets, which take the
-responsibility of converting the VM configuration, providing for
-rollback in case of errors, transforming the storage, etc.
-
-See L</In-place conversion> below.
-
-Conflicts with all I<-o *> options.
-
=item B<-io> OPTION=VALUE
Set input option(s) related to the current input mode or transport.
@@ -1417,31 +1393,6 @@ that instead.
</devices>
</domain>
-=head2 In-place conversion
-
-It is also possible to use virt-v2v in scenarios where a foreign VM
-has already been imported into a KVM-based hypervisor, but still needs
-adjustments in the guest to make it run in the new virtual hardware.
-
-In that case it is assumed that a third-party tool has created the
-target VM in the supported KVM-based hypervisor based on the source VM
-configuration and contents, but using virtual devices more appropriate
-for KVM (e.g. virtio storage and network, etc.).
-
-Then, to make the guest OS boot and run in the changed environment,
-one can use:
-
- virt-v2v -ic qemu:///system converted_vm --in-place
-
-Virt-v2v will analyze the configuration of C<converted_vm> in the
-C<qemu:///system> libvirt instance, and apply various fixups to the
-guest OS configuration to make it match the VM configuration. This
-may include installing virtio drivers, configuring the bootloader, the
-mountpoints, the network interfaces, and so on.
-
-Should an error occur during the operation, virt-v2v exits with an
-error code leaving the VM in an undefined state.
-
=head2 Machine readable output
The I<--machine-readable> option can be used to make the output more
L<virt-p2v(1)>,
-L<virt-v2v-in-place(1)>,
L<virt-customize(1)>,
L<virt-df(1)>,
L<virt-filesystems(1)>,
diff --git a/tests/Makefile.am b/tests/Makefile.am
index d36e230b..db32e42b 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -77,7 +77,6 @@ TESTS = \
test-v2v-floppy.sh \
test-v2v-i-disk.sh \
test-v2v-i-ova.sh \
- test-v2v-in-place.sh \
test-v2v-mac.sh \
test-v2v-machine-readable.sh \
test-v2v-networks-and-bridges.sh \
diff --git a/v2v/v2v.ml b/v2v/v2v.ml
index c9ddce36..6859a02c 100644
index 41e020cb..e00f9814 100644
--- a/v2v/v2v.ml
+++ b/v2v/v2v.ml
@@ -183,7 +183,6 @@ let rec main () =
let output_storage = ref None in
@@ -214,12 +214,6 @@ let rec main () =
warning (f_"the --vmtype option has been removed and now does nothing")
in
(* Other options that we handle here. *)
- let in_place = ref false in
let print_source = ref false in
let input_mode = ref `Not_set in
@@ -248,8 +247,6 @@ let rec main () =
- (* Options that are errors. *)
- let in_place_error _ =
- error (f_"The --in-place option has been replaced by the \
- virt-v2v-in-place program")
- in
-
let argspec = [
[ L"bandwidth" ], Getopt.String ("bps", set_string_option_once "--bandwidth" bandwidth),
s_"Set bandwidth to bits per sec";
@@ -241,8 +235,6 @@ let rec main () =
s_"Use password from file to connect to input hypervisor";
[ M"it" ], Getopt.String ("transport", set_string_option_once "-it" input_transport),
s_"Input transport";
- [ L"in-place" ], Getopt.Set in_place,
- s_"Only tune the guest in the input VM";
- [ L"in-place" ], Getopt.Unit in_place_error,
- s_"Use virt-v2v-in-place instead";
[ L"mac" ], Getopt.String ("mac:network|bridge|ip:out", add_mac),
s_"Map NIC to network or bridge or assign static IP";
[ S 'n'; L"network" ], Getopt.String ("in:out", add_network),
@@ -347,7 +344,6 @@ read the man page virt-v2v(1).
(* Dereference the arguments. *)
let args = List.rev !args in
- let in_place = !in_place in
let input_conn = !input_conn in
let input_mode = !input_mode in
let input_transport =
@@ -367,9 +363,6 @@ read the man page virt-v2v(1).
let root_choice = !root_choice in
let static_ips = !static_ips in
- (* --in-place isn't implemented yet - TODO *)
- if in_place then error "XXX --in-place option is not implemented yet";
-
(* No arguments and machine-readable mode? Print out some facts
* about what this binary supports.
*)
@@ -383,7 +376,6 @@ read the man page virt-v2v(1).
pr "vddk\n";
pr "colours-option\n";
pr "vdsm-compat-option\n";
- pr "in-place\n";
pr "io/oo\n";
pr "mac-option\n";
pr "bandwidth-option\n";
--
2.31.1

View File

@ -1,55 +0,0 @@
From 67ebe6585e7db9cfc1f01de9777f780db42868f2 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 22 Mar 2022 13:39:57 +0000
Subject: [PATCH] lib: Remove Utils.metaversion
This was used before we turned the helpers into OCaml modules but is
now dead code, remove it.
Fixes: commit 4de22686fe74e1711efd9bfed3f663b67e7ad69e
Fixes: commit 724ecb5e887e5b71db836143ec0c0d8a20b05903
Fixes: commit 5609c73c615a8f12c5c6d50908bb4761bdc16173
(cherry picked from commit c208bc97d863aa43857c72608a1fc57ab50047ed)
---
lib/utils.ml | 2 --
lib/utils.mli | 11 -----------
2 files changed, 13 deletions(-)
diff --git a/lib/utils.ml b/lib/utils.ml
index 7b16dd8b..4f0ff67a 100644
--- a/lib/utils.ml
+++ b/lib/utils.ml
@@ -164,8 +164,6 @@ let rec wait_for_file filename timeout =
wait_for_file filename (timeout-1)
)
-let metaversion = Digest.to_hex (Digest.string Config.package_version_full)
-
let with_nbd_connect_unix ?(meta_contexts = []) ~socket f =
let nbd = NBD.create () in
protect
diff --git a/lib/utils.mli b/lib/utils.mli
index 76a2ec8c..3f8e4b3c 100644
--- a/lib/utils.mli
+++ b/lib/utils.mli
@@ -67,17 +67,6 @@ val wait_for_file : string -> int -> bool
(** [wait_for_file filename timeout] waits up to [timeout] seconds for
[filename] to appear. It returns [true] if the file appeared. *)
-val metaversion : string
-(** When writing the metadata files between versions we serialize this
- string first to ensure the binary metadata blob is compatible.
-
- This prevents mixing and matching helpers between incompatible
- versions of virt-v2v (which could cause a crash) and discourages
- people from trying to write their own metadata.
-
- Eventually we may switch to using an "open metadata" format instead
- (eg. XML). *)
-
val with_nbd_connect_unix : ?meta_contexts:string list ->
socket:string ->
(NBD.t -> 'a) ->
--
2.31.1

File diff suppressed because it is too large Load Diff

View File

@ -1,169 +0,0 @@
From d604830d0da31280c347346343dc880e14965cf8 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 22 Mar 2022 13:49:20 +0000
Subject: [PATCH] lib, v2v: Move common code for creating v2v directory to
Utils
I have also renamed the directory in the code from "tmpdir" to
"v2vdir" since tmpdir was a bit generic and didn't accurately describe
what this directory is for.
This is simple refactoring.
(cherry picked from commit 5a60e9a4f6e68d50c6b22eb0c8608aef563bf516)
---
lib/utils.ml | 9 +++++++++
lib/utils.mli | 3 +++
v2v/v2v.ml | 37 ++++++++++++++-----------------------
v2v/v2v_unit_tests.ml | 1 +
4 files changed, 27 insertions(+), 23 deletions(-)
diff --git a/lib/utils.ml b/lib/utils.ml
index 4f0ff67a..876a44c6 100644
--- a/lib/utils.ml
+++ b/lib/utils.ml
@@ -22,6 +22,7 @@ open Printf
open Std_utils
open Tools_utils
+open Unix_utils
open Common_gettext.Gettext
let large_tmpdir =
@@ -155,6 +156,14 @@ let error_if_no_ssh_agent () =
with Not_found ->
error (f_"ssh-agent authentication has not been set up ($SSH_AUTH_SOCK is not set). This is required by qemu to do passwordless ssh access. See the virt-v2v(1) man page for more information.")
+(* Create the directory containing inX and outX sockets. *)
+let create_v2v_directory () =
+ let d = Mkdtemp.temp_dir "v2v." in
+ let running_as_root = Unix.geteuid () = 0 in
+ if running_as_root then Unix.chmod d 0o711;
+ On_exit.rmdir d;
+ d
+
(* Wait for a file to appear until a timeout. *)
let rec wait_for_file filename timeout =
if Sys.file_exists filename then true
diff --git a/lib/utils.mli b/lib/utils.mli
index 3f8e4b3c..c571cca5 100644
--- a/lib/utils.mli
+++ b/lib/utils.mli
@@ -63,6 +63,9 @@ val backend_is_libvirt : unit -> bool
val error_if_no_ssh_agent : unit -> unit
+val create_v2v_directory : unit -> string
+(** Create the directory containing inX and outX sockets. *)
+
val wait_for_file : string -> int -> bool
(** [wait_for_file filename timeout] waits up to [timeout] seconds for
[filename] to appear. It returns [true] if the file appeared. *)
diff --git a/v2v/v2v.ml b/v2v/v2v.ml
index 6859a02c..71dd1c4d 100644
--- a/v2v/v2v.ml
+++ b/v2v/v2v.ml
@@ -37,17 +37,8 @@ open Utils
let mac_re = PCRE.compile ~anchored:true "([[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}):(network|bridge|ip):(.*)"
let mac_ip_re = PCRE.compile ~anchored:true "([[:xdigit:]]|:|\\.)+"
-(* Create the temporary directory to control conversion.
- *
- * Because it contains sockets, if we're running as root then
- * we must make it executable by world.
- *)
-let tmpdir =
- let tmpdir = Mkdtemp.temp_dir "v2v." in
- let running_as_root = geteuid () = 0 in
- if running_as_root then chmod tmpdir 0o711;
- On_exit.rmdir tmpdir;
- tmpdir
+(* Create the temporary directory to control conversion. *)
+let v2vdir = create_v2v_directory ()
let rec main () =
let set_string_option_once optname optref arg =
@@ -523,7 +514,7 @@ read the man page virt-v2v(1).
(* Start the input module (runs an NBD server in the background). *)
message (f_"Setting up the source: %s")
(Input_module.to_string input_options args);
- let source = Input_module.setup tmpdir input_options args in
+ let source = Input_module.setup v2vdir input_options args in
(* If --print-source then print the source metadata and exit. *)
if print_source then (
@@ -540,28 +531,28 @@ read the man page virt-v2v(1).
let output_poptions = Output_module.parse_options output_options source in
(* Do the conversion. *)
- with_open_out (tmpdir // "convert") (fun _ -> ());
- let inspect, target_meta = Convert.convert tmpdir conv_options source in
- unlink (tmpdir // "convert");
+ with_open_out (v2vdir // "convert") (fun _ -> ());
+ let inspect, target_meta = Convert.convert v2vdir conv_options source in
+ unlink (v2vdir // "convert");
(* Start the output module (runs an NBD server in the background). *)
message (f_"Setting up the destination: %s")
(Output_module.to_string output_options);
- let output_t = Output_module.setup tmpdir output_poptions source in
+ let output_t = Output_module.setup v2vdir output_poptions source in
(* Debug the v2vdir. *)
if verbose () then (
- let cmd = sprintf "ls -alZ %s 1>&2" (quote tmpdir) in
+ let cmd = sprintf "ls -alZ %s 1>&2" (quote v2vdir) in
ignore (Sys.command cmd)
);
(* Do the copy. *)
- with_open_out (tmpdir // "copy") (fun _ -> ());
+ with_open_out (v2vdir // "copy") (fun _ -> ());
(* Get the list of disks and corresponding sockets. *)
let rec loop acc i =
- let input_socket = sprintf "%s/in%d" tmpdir i
- and output_socket = sprintf "%s/out%d" tmpdir i in
+ let input_socket = sprintf "%s/in%d" v2vdir i
+ and output_socket = sprintf "%s/out%d" v2vdir i in
if Sys.file_exists input_socket && Sys.file_exists output_socket then
loop ((i, input_socket, output_socket) :: acc) (i+1)
else
@@ -591,11 +582,11 @@ read the man page virt-v2v(1).
) disks;
(* End of copying phase. *)
- unlink (tmpdir // "copy");
+ unlink (v2vdir // "copy");
(* Do the finalization step. *)
message (f_"Creating output metadata");
- Output_module.finalize tmpdir output_poptions output_t
+ Output_module.finalize v2vdir output_poptions output_t
source inspect target_meta;
message (f_"Finishing off");
@@ -604,7 +595,7 @@ read the man page virt-v2v(1).
* use the presence or absence of the file to determine if
* on-success or on-fail cleanup is required.
*)
- with_open_out (tmpdir // "done") (fun _ -> ())
+ with_open_out (v2vdir // "done") (fun _ -> ())
(* Conversion can fail or hang if there is insufficient free space in
* the large temporary directory. Some input modules use large_tmpdir
diff --git a/v2v/v2v_unit_tests.ml b/v2v/v2v_unit_tests.ml
index 889f7998..bf5306c4 100644
--- a/v2v/v2v_unit_tests.ml
+++ b/v2v/v2v_unit_tests.ml
@@ -26,6 +26,7 @@ open Std_utils
open Tools_utils
open Types
+open Utils
let inspect_defaults = {
i_type = ""; i_distro = ""; i_osinfo = ""; i_arch = "";
--
2.31.1

View File

@ -0,0 +1,27 @@
From 42da4736c2078801c0a5ebbe3825086f9b8d25ea Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 12 Apr 2022 11:53:45 +0100
Subject: [PATCH] output: Remove unused dummy.c
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This was removed when I removed -o json support, but I did not delete
the file from git. “make maintainer-check-extra-dist” complained
about this.
Fixes: commit 4e6b389b4e27c8d13e57fcaf777d96ad7e08650b
(cherry picked from commit 0a1286df1725560e2789134d12022fc52572f9b0)
---
output/dummy.c | 2 --
1 file changed, 2 deletions(-)
delete mode 100644 output/dummy.c
diff --git a/output/dummy.c b/output/dummy.c
deleted file mode 100644
index ebab6198..00000000
--- a/output/dummy.c
+++ /dev/null
@@ -1,2 +0,0 @@
-/* Dummy source, to be used for OCaml-based tools with no C sources. */
-enum { foo = 1 };

View File

@ -0,0 +1,79 @@
From 7b22bc65e5df2bbe9f5ccf8ab05e67afb5a4cb8f Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Tue, 10 May 2022 12:53:07 +0200
Subject: [PATCH] adopt inversion of SELinux relabeling in virt-customize
Remove "--selinux-relabel" options.
Do not add any "--no-selinux-relabel" options; rely on the internal check
for SELinux support instead ("is_selinux_guest" in
"common/mlcustomize/SELinux_relabel.ml").
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1554735
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2075718
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220510105307.15402-1-lersek@redhat.com>
Acked-by: Richard W.M. Jones <rjones@redhat.com>
[lersek@redhat.com: incorporate common submodule update]
(cherry picked from commit 0c24fc6015ce7719acff3bcead7eb227b6de3f21)
---
common | 2 +-
tests/test-v2v-conversion-of.sh | 7 -------
2 files changed, 1 insertion(+), 8 deletions(-)
Submodule common 201632e4..af6cb55b (rewind):
diff --git a/common/mlcustomize/guest_packages.ml b/common/mlcustomize/guest_packages.ml
index 7c29a2ab..4c3c34ed 100644
--- a/common/mlcustomize/guest_packages.ml
+++ b/common/mlcustomize/guest_packages.ml
@@ -73,9 +73,9 @@ let install_command packages package_management =
| "zypper" -> sprintf "zypper -n in -l %s" quoted_args
| "unknown" ->
- error_unknown_package_manager "--install"
+ error_unknown_package_manager (s_"--install")
| pm ->
- error_unimplemented_package_manager "--install" pm
+ error_unimplemented_package_manager (s_"--install") pm
let update_command package_management =
match package_management with
@@ -103,9 +103,9 @@ let update_command package_management =
| "zypper" -> "zypper -n update -l"
| "unknown" ->
- error_unknown_package_manager "--update"
+ error_unknown_package_manager (s_"--update")
| pm ->
- error_unimplemented_package_manager "--update" pm
+ error_unimplemented_package_manager (s_"--update") pm
let uninstall_command packages package_management =
let quoted_args = String.concat " " (List.map quote packages) in
@@ -127,6 +127,6 @@ let uninstall_command packages package_management =
| "zypper" -> sprintf "zypper -n rm %s" quoted_args
| "unknown" ->
- error_unknown_package_manager "--uninstall"
+ error_unknown_package_manager (s_"--uninstall")
| pm ->
- error_unimplemented_package_manager "--uninstall" pm
+ error_unimplemented_package_manager (s_"--uninstall") pm
diff --git a/tests/test-v2v-conversion-of.sh b/tests/test-v2v-conversion-of.sh
index 5a974d1b..5c5cae7c 100755
--- a/tests/test-v2v-conversion-of.sh
+++ b/tests/test-v2v-conversion-of.sh
@@ -53,13 +53,6 @@ fi
# Some guests need special virt-builder parameters.
# See virt-builder --notes "$guestname"
declare -a extra
-case "$guestname" in
- fedora*|rhel*|centos*)
- extra[${#extra[*]}]='--selinux-relabel'
- ;;
- *)
- ;;
-esac
# Don't try to update Windows versions.
case "$guestname" in

View File

@ -1,44 +0,0 @@
From e001191c79e3e890d433fa237deda2332773ab97 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 22 Mar 2022 15:36:00 +0000
Subject: [PATCH] v2v: Move creation of v2v directory until after option
parsing
Only after option parsing does the -v (verbose) option take effect,
and so any debug messages emitted before this point are not seen. In
particular, debug messages emitted when creating the v2v directory
were lost. In any case there's no point creating this directory until
nearer the point when we might actually need it.
(cherry picked from commit 88aaf8263ae89a40e72197ba58f08bc777dc59c3)
---
v2v/v2v.ml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/v2v/v2v.ml b/v2v/v2v.ml
index 71dd1c4d..661f2dec 100644
--- a/v2v/v2v.ml
+++ b/v2v/v2v.ml
@@ -37,9 +37,6 @@ open Utils
let mac_re = PCRE.compile ~anchored:true "([[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}:[[:xdigit:]]{2}):(network|bridge|ip):(.*)"
let mac_ip_re = PCRE.compile ~anchored:true "([[:xdigit:]]|:|\\.)+"
-(* Create the temporary directory to control conversion. *)
-let v2vdir = create_v2v_directory ()
-
let rec main () =
let set_string_option_once optname optref arg =
match !optref with
@@ -333,6 +330,9 @@ read the man page virt-v2v(1).
debug "libvirt version: %d.%d.%d" major minor release
);
+ (* Create the temporary directory to control conversion. *)
+ let v2vdir = create_v2v_directory () in
+
(* Dereference the arguments. *)
let args = List.rev !args in
let input_conn = !input_conn in
--
2.31.1

View File

@ -1,26 +0,0 @@
From 3d20ba06ab98388c3f08e2430eef53e1e912ef62 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Wed, 23 Mar 2022 10:37:24 +0000
Subject: [PATCH] lib/nbdkit.ml: Correct copy/paste error in comment
(cherry picked from commit f44c8d2e819a38ea670b0577fafc8f88265ceacf)
---
lib/nbdkit.ml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/nbdkit.ml b/lib/nbdkit.ml
index 6787fbb0..85621775 100644
--- a/lib/nbdkit.ml
+++ b/lib/nbdkit.ml
@@ -202,7 +202,7 @@ If the messages above are not sufficient to diagnose the problem then add the
socket]);
);
- (* Set the regular Unix permissions, in case qemu is
+ (* Set the regular Unix permissions, in case nbdkit is
* running as another user.
*)
chmod socket 0o777;
--
2.31.1

View File

@ -0,0 +1,105 @@
From 0699afed37343d73c6803cabec466e1c3ca229b0 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Mon, 13 Jun 2022 19:01:32 +0200
Subject: [PATCH] output/create_libvirt_xml: wire up the QEMU guest agent
The intent (even before RHBZ#2028764) has been to install the QEMU guest
agent in the converted domain unconditionally. Therefore, in order for the
GA to be actually accessible from the host side, augment the libvirt
output module with a "guest agent connection" also unconditionally.
For starters, the domain needs a virtio-serial device. Then there must be
a port on the device that (in the guest) the GA identifies by name, and
that (on the host) is exposed as a listening socket (usually in the unix
address family). The adress of that port (usually a pathname, i.e., for a
unix domain socket) is then passed to whatever host-side application wants
to talk to the GA.
The minimal domain XML fragment for that ("minimal" for our purposes) is
<controller type='virtio-serial' model='virtio'>
<channel type='unix'>
<target type='virtio' name='org.qemu.guest_agent.0'/>
</channel>
The "controller" element is needed because "controller/@model" is where we
regulate "virtio" vs. "virtio-transitional".
Everything else is filled in by libvirt. Notably, libvirt (a) creates and
binds the unix domain socket itself (usually
"/var/lib/libvirt/qemu/channel/target/DOMAIN/org.qemu.guest_agent.0"), (b)
passes the file descriptor to QEMU, and (c) figures out the socket
pathname for commands such as
virsh domfsinfo DOMAIN
virsh domhostname DOMAIN --source agent
virsh domifaddr DOMAIN --source agent
virsh guestinfo DOMAIN
For QEMU, the corresponding options would be
-chardev socket,id=agent,server=on,wait=off,path=/tmp/DOMAIN-agent \
-device virtio-serial-pci,id=vioserial \
-device virtserialport,bus=vioserial.0,nr=1,chardev=agent,name=org.qemu.guest_agent.0 \
Note the "path=/tmp/DOMAIN-agent" property of "-chardev"; virt-v2v would
have to generate that (in place of the "fd=nnnn" property that libvirt
passes to QEMU).
Omit extending the QEMU output module for now, as the QGA protocol is
based on JSON, and one needs "virsh" or "virt-manager" (or another
management application interface) anyway, for efficiently exchanging
messages with QGA. I don't know of end-user tools that directly connect to
"/tmp/DOMAIN-agent".
Don't modify the RHV and OpenStack outputs either; both of these
management products likely configure the virtio-serial device
automatically, for the agent access.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2028764
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220613170135.12557-2-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 48c6ea27c5a7053e418622f7450e3f9ef05c923f)
---
output/create_libvirt_xml.ml | 11 +++++++++++
tests/test-v2v-i-ova.xml | 4 ++++
2 files changed, 15 insertions(+)
diff --git a/output/create_libvirt_xml.ml b/output/create_libvirt_xml.ml
index 68d0a909..531a4f75 100644
--- a/output/create_libvirt_xml.ml
+++ b/output/create_libvirt_xml.ml
@@ -524,6 +524,17 @@ let create_libvirt_xml ?pool source inspect
e "console" ["type", "pty"] [];
];
+ (* Given that we install the QEMU Guest Agent for both Linux and Windows
+ * guests unconditionally, create the virtio-serial device that's needed for
+ * communication between the host and the agent.
+ *)
+ List.push_back_list devices [
+ e "controller" ["type", "virtio-serial"; "model", virtio_model] [];
+ e "channel" ["type", "unix"] [
+ e "target" ["type", "virtio"; "name", "org.qemu.guest_agent.0"] []
+ ]
+ ];
+
List.push_back_list body [
e "devices" [] !devices;
];
diff --git a/tests/test-v2v-i-ova.xml b/tests/test-v2v-i-ova.xml
index 6b8cda62..da1db473 100644
--- a/tests/test-v2v-i-ova.xml
+++ b/tests/test-v2v-i-ova.xml
@@ -49,5 +49,9 @@
<input type='tablet' bus='usb'/>
<input type='mouse' bus='ps2'/>
<console type='pty'/>
+ <controller type='virtio-serial' model='virtio'/>
+ <channel type='unix'>
+ <target type='virtio' name='org.qemu.guest_agent.0'/>
+ </channel>
</devices>
</domain>

View File

@ -0,0 +1,82 @@
From 82c7526e052d2aa64a6754ff0e1082937e3ee4bc Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Mon, 13 Jun 2022 19:01:34 +0200
Subject: [PATCH] convert_linux: extract qemu-guest-agent package name
In commit a30383e35d34 ("v2v: linux: do not install qemu-guest-agent if
already installed", 2019-09-20), the name of the package providing the
QEMU guest agent was hard-coded as "qemu-guest-agent", regardless of
distro family. Turns out this is actually correct (and may have been
intentional, only it was not specifically documented): in all OS families
currently recognized by our "family" function (`RHEL_family, `ALT_family,
`SUSE_family, `Debian_family), the *binary* package is indeed called
"qemu-guest-agent":
- https://brewweb.engineering.redhat.com/brew/packageinfo?packageID=47646
- http://rpmfind.net/linux/rpm2html/search.php?query=qemu-guest-agent&submit=Search+...&system=&arch=
- https://packages.altlinux.org/en/sisyphus/srpms/qemu/
- https://packages.debian.org/search?keywords=qemu-guest-agent&searchon=names&suite=all&section=all
As a way of documenting this, extract the mapping to a new helper function
named "qga_pkg_of_family".
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2028764
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Message-Id: <20220613170135.12557-4-lersek@redhat.com>
(cherry picked from commit f65e8e68fb4eb9b8d40ac0fe7bfc3122a13e5251)
---
convert/convert_linux.ml | 33 +++++++++++++++++++++++++--------
1 file changed, 25 insertions(+), 8 deletions(-)
diff --git a/convert/convert_linux.ml b/convert/convert_linux.ml
index 79462aa1..2ddbc07a 100644
--- a/convert/convert_linux.ml
+++ b/convert/convert_linux.ml
@@ -56,6 +56,16 @@ let convert (g : G.guestfs) source inspect keep_serial_console _ =
| "debian" | "ubuntu" | "linuxmint" | "kalilinux" -> `Debian_family
| _ -> assert false in
+ (* map the OS family name to the qemu-guest-agent package name *)
+ let qga_pkg_of_family =
+ function
+ | `RHEL_family
+ | `ALT_family
+ | `SUSE_family
+ | `Debian_family -> Some "qemu-guest-agent"
+ | _ -> None
+ in
+
assert (inspect.i_package_format = "rpm" || inspect.i_package_format = "deb");
(* Fail early if i_apps is empty. Certain steps such as kernel
@@ -539,14 +549,21 @@ let convert (g : G.guestfs) source inspect keep_serial_console _ =
and install_linux_tools () =
(* It is not fatal if we fail to install the QEMU guest agent. *)
- let has_qemu_guest_agent =
- List.exists (
- fun { G.app2_name = name } ->
- name = "qemu-guest-agent"
- ) inspect.i_apps in
- if not has_qemu_guest_agent then
- (* FIXME -- install qemu-guest-agent here *)
- ()
+ match qga_pkg_of_family family with
+ | None -> warning (f_"The name of the package that provides the QEMU Guest \
+ Agent for this guest OS is unknown. The guest agent \
+ will not be installed. Please consider reporting a \
+ bug according to the BUGS section of the virt-v2v(1) \
+ manual.")
+ | Some qga_pkg ->
+ let has_qemu_guest_agent =
+ List.exists (
+ fun { G.app2_name = name } ->
+ name = qga_pkg
+ ) inspect.i_apps in
+ if not has_qemu_guest_agent then
+ (* FIXME -- install qemu-guest-agent here *)
+ ()
and configure_kernel () =
(* Previously this function would try to install kernels, but we

View File

@ -1,151 +0,0 @@
From 6ca02e37d72a81e7e32d4d3eef24d8a0abe3deb2 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 22 Mar 2022 13:53:41 +0000
Subject: [PATCH] lib: Improve security of in/out sockets when running virt-v2v
as root
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When using the libvirt backend and running as root, libvirt will run
qemu as a non-root user (eg. qemu:qemu). The v2v directory stores NBD
endpoints that qemu must be able to open and so we set the directory
to mode 0711. Unfortunately this permits any non-root user to open
the sockets (since, by design, they have predictable names within the
directory).
Additionally we were setting the sockets themselves to 0777 mode.
Instead of using directory permissions, change the owner of the
directory and sockets to precisely give access to the qemu user and no
one else.
Reported-by: Xiaodai Wang
Thanks: Dr David Gilbert, Daniel Berrangé, Laszlo Ersek
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2066773
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 4e7f206843735ba24e2034f694a214ef057ee139)
---
lib/nbdkit.ml | 3 ++-
lib/qemuNBD.ml | 3 ++-
lib/utils.ml | 47 +++++++++++++++++++++++++++++++++++++++++++++--
lib/utils.mli | 11 +++++++++++
4 files changed, 60 insertions(+), 4 deletions(-)
diff --git a/lib/nbdkit.ml b/lib/nbdkit.ml
index 85621775..9ee6f39c 100644
--- a/lib/nbdkit.ml
+++ b/lib/nbdkit.ml
@@ -205,6 +205,7 @@ If the messages above are not sufficient to diagnose the problem then add the
(* Set the regular Unix permissions, in case nbdkit is
* running as another user.
*)
- chmod socket 0o777;
+ chown_for_libvirt_rhbz_1045069 socket;
+ chmod socket 0o700;
socket, pid
diff --git a/lib/qemuNBD.ml b/lib/qemuNBD.ml
index 54139ce0..2c999b9f 100644
--- a/lib/qemuNBD.ml
+++ b/lib/qemuNBD.ml
@@ -150,7 +150,8 @@ If the messages above are not sufficient to diagnose the problem then add the
(* Set the regular Unix permissions, in case qemu is
* running as another user.
*)
- chmod socket 0o777;
+ chown_for_libvirt_rhbz_1045069 socket;
+ chmod socket 0o700;
(* We don't need the PID file any longer. *)
unlink pidfile;
diff --git a/lib/utils.ml b/lib/utils.ml
index 876a44c6..7116a4f9 100644
--- a/lib/utils.ml
+++ b/lib/utils.ml
@@ -147,6 +147,50 @@ let backend_is_libvirt () =
let backend = fst (String.split ":" backend) in
backend = "libvirt"
+let rec chown_for_libvirt_rhbz_1045069 file =
+ let running_as_root = Unix.geteuid () = 0 in
+ if running_as_root && backend_is_libvirt () then (
+ try
+ let user = Option.default "qemu" (libvirt_qemu_user ()) in
+ let uid =
+ if String.is_prefix user "+" then
+ int_of_string (String.sub user 1 (String.length user - 1))
+ else
+ (Unix.getpwnam user).pw_uid in
+ debug "setting owner of %s to %d:root" file uid;
+ Unix.chown file uid 0
+ with
+ | exn -> (* Print exception, but continue. *)
+ debug "could not set owner of %s: %s"
+ file (Printexc.to_string exn)
+ )
+
+(* Get the local user that libvirt uses to run qemu when we are
+ * running as root. This is returned as an optional string
+ * containing the username. The username might be "+NNN"
+ * meaning a numeric UID.
+ * https://listman.redhat.com/archives/libguestfs/2022-March/028450.html
+ *)
+and libvirt_qemu_user =
+ let user =
+ lazy (
+ let conn = Libvirt.Connect.connect_readonly () in
+ let xml = Libvirt.Connect.get_capabilities conn in
+ let doc = Xml.parse_memory xml in
+ let xpathctx = Xml.xpath_new_context doc in
+ let expr =
+ "//secmodel[./model=\"dac\"]/baselabel[@type=\"kvm\"]/text()" in
+ let uid_gid = Xpath_helpers.xpath_string xpathctx expr in
+ match uid_gid with
+ | None -> None
+ | Some uid_gid ->
+ (* The string will be something like "+107:+107", return the
+ * UID part.
+ *)
+ Some (fst (String.split ":" uid_gid))
+ ) in
+ fun () -> Lazy.force user
+
(* When using the SSH driver in qemu (currently) this requires
* ssh-agent authentication. Give a clear error if this hasn't been
* set up (RHBZ#1139973). This might improve if we switch to libssh1.
@@ -159,8 +203,7 @@ let error_if_no_ssh_agent () =
(* Create the directory containing inX and outX sockets. *)
let create_v2v_directory () =
let d = Mkdtemp.temp_dir "v2v." in
- let running_as_root = Unix.geteuid () = 0 in
- if running_as_root then Unix.chmod d 0o711;
+ chown_for_libvirt_rhbz_1045069 d;
On_exit.rmdir d;
d
diff --git a/lib/utils.mli b/lib/utils.mli
index c571cca5..d431e21f 100644
--- a/lib/utils.mli
+++ b/lib/utils.mli
@@ -61,6 +61,17 @@ val qemu_img_supports_offset_and_size : unit -> bool
val backend_is_libvirt : unit -> bool
(** Return true iff the current backend is libvirt. *)
+val chown_for_libvirt_rhbz_1045069 : string -> unit
+(** If running and root, and if the backend is libvirt, libvirt
+ will run qemu as a non-root user. This prevents access
+ to root-owned files and directories. To fix this, provide
+ a function to chown things we might need to qemu:root so
+ qemu can access them. Note that root normally ignores
+ permissions so can still access the resource.
+
+ This is best-effort. If something fails then we carry
+ on and hope for the best. *)
+
val error_if_no_ssh_agent : unit -> unit
val create_v2v_directory : unit -> string
--
2.31.1

View File

@ -0,0 +1,119 @@
From e32a5ee7deb9a381ab285aba92c4de23e3c6ee2e Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Mon, 13 Jun 2022 19:01:35 +0200
Subject: [PATCH] convert_linux: install the QEMU guest agent with a firstboot
script
Register a firstboot script, for installing the guest agent with the
guest's own package manager -- that is, "Guest_packages.install_command".
For installing the package, network connectivity is required. Check it
first with "nmcli" (also checking whether NetworkManager is running), then
with "systemd-networkd-wait-online" (dependent on systemd-networkd). Note
that NetworkManager and systemd-networkd are never supposed to be enabled
at the same time.
The source domain's SELinux policy may not allow our firstboot service to
execute the package's installation scripts (if any). For that reason,
temporarily disable SELinux around package installation.
After installation, register another script for launching the agent.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2028764
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220613170135.12557-5-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit e64356896377af1ac75a03d6a4c6a4208910bbf4)
---
convert/convert_linux.ml | 78 ++++++++++++++++++++++++++++++++++++++--
1 file changed, 76 insertions(+), 2 deletions(-)
diff --git a/convert/convert_linux.ml b/convert/convert_linux.ml
index 2ddbc07a..59d143bd 100644
--- a/convert/convert_linux.ml
+++ b/convert/convert_linux.ml
@@ -562,8 +562,82 @@ let convert (g : G.guestfs) source inspect keep_serial_console _ =
name = qga_pkg
) inspect.i_apps in
if not has_qemu_guest_agent then
- (* FIXME -- install qemu-guest-agent here *)
- ()
+ try
+ let inst_cmd = Guest_packages.install_command [qga_pkg]
+ inspect.i_package_management in
+
+ (* Use only the portable filename character set in this. *)
+ let selinux_enforcing = "/root/virt-v2v-fb-selinux-enforcing"
+ and timeout = 30 in
+ let fbs =
+ Firstboot.add_firstboot_script g inspect.i_root
+ in
+ info (f_"The QEMU Guest Agent will be installed for this guest at \
+ first boot.");
+
+ (* Wait for the network to come online in the guest (best effort).
+ *)
+ fbs "wait online"
+ (sprintf "#!/bin/sh\n\
+ if conn=$(nmcli networking connectivity); then\n\
+ \ \ tries=0\n\
+ \ \ while\n\
+ \ \ \ \ test $tries -lt %d &&\n\
+ \ \ \ \ test full != \"$conn\"\n\
+ \ \ do\n\
+ \ \ \ \ sleep 1\n\
+ \ \ \ \ tries=$((tries + 1))\n\
+ \ \ \ \ conn=$(nmcli networking connectivity)\n\
+ \ \ done\n\
+ elif systemctl -q is-active systemd-networkd; then\n\
+ \ \ /usr/lib/systemd/systemd-networkd-wait-online \\\n\
+ \ \ \ \ -q --timeout=%d\n\
+ fi\n" timeout timeout);
+
+ (* Disable SELinux temporarily around package installation. Refer to
+ * <https://bugzilla.redhat.com/show_bug.cgi?id=2028764#c7> and
+ * <https://bugzilla.redhat.com/show_bug.cgi?id=2028764#c8>.
+ *)
+ fbs "setenforce 0"
+ (sprintf "#!/bin/sh\n\
+ rm -f %s\n\
+ if command -v getenforce >/dev/null &&\n\
+ \ \ test Enforcing = \"$(getenforce)\"\n\
+ then\n\
+ \ \ touch %s\n\
+ \ \ setenforce 0\n\
+ fi\n" selinux_enforcing selinux_enforcing);
+ fbs "install qga" inst_cmd;
+ fbs "setenforce restore"
+ (sprintf "#!/bin/sh\n\
+ if test -f %s; then\n\
+ \ \ setenforce 1\n\
+ \ \ rm -f %s\n\
+ fi\n" selinux_enforcing selinux_enforcing);
+
+ (* Start the agent now and at subsequent boots. The following
+ * commands should work on both sysvinit distros / distro versions
+ * (regardless of "/etc/rc.d/" vs. "/etc/init.d/" being the scheme
+ * in use) and systemd distros (via redirection to systemctl).
+ *
+ * On distros where the chkconfig command is redirected to
+ * systemctl, the chkconfig command is likely superfluous. That's
+ * because on systemd distros, the QGA package comes with such
+ * runtime dependencies / triggers that the presence of the
+ * virtio-serial port named "org.qemu.guest_agent.0" automatically
+ * starts the agent during (second and later) boots. However, even
+ * on such distros, the chkconfig command should do no harm.
+ *)
+ fbs "start qga"
+ (sprintf "#!/bin/sh\n\
+ service %s start\n\
+ chkconfig %s on\n" qga_pkg qga_pkg)
+ with
+ | Guest_packages.Unknown_package_manager msg
+ | Guest_packages.Unimplemented_package_manager msg ->
+ warning (f_"The QEMU Guest Agent will not be installed. The \
+ install command for package %s could not be created: \
+ %s.") qga_pkg msg
and configure_kernel () =
(* Previously this function would try to install kernels, but we

View File

@ -1,343 +0,0 @@
From 6d99469c696ea691a908ad8a65314475e43b7bd0 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 23 Mar 2022 11:43:30 +0100
Subject: [PATCH] nbdkit, qemuNBD: run_unix: formally require externally
provided socket
At this point, virt-v2v never relies on the Unix domain sockets created
inside the "run_unix" implementations. Simplify the code by removing this
option.
Consequently, the internally created temporary directory only holds the
NBD server's PID file, and never its UNIX domain socket. Therefore:
(1) we no longer need the libguestfs socket dir to be our temp dir,
(2) we need not change the file mode bits on the temp dir,
(3) we can rename "tmpdir" to the more specific "piddir".
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2066773
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220323104330.9667-1-lersek@redhat.com>
Acked-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 9788b06765af335b054aba03f41d1b829ed13092)
---
input/input_disk.ml | 4 ++--
input/input_libvirt.ml | 8 ++++----
input/input_ova.ml | 2 +-
input/input_vddk.ml | 2 +-
input/input_vmx.ml | 4 ++--
input/input_xen_ssh.ml | 2 +-
input/vCenter.ml | 2 +-
lib/nbdkit.ml | 24 +++++-------------------
lib/nbdkit.mli | 6 +-----
lib/qemuNBD.ml | 25 +++++--------------------
lib/qemuNBD.mli | 6 +-----
output/output.ml | 4 ++--
output/output_null.ml | 2 +-
output/output_rhv_upload.ml | 2 +-
14 files changed, 28 insertions(+), 65 deletions(-)
diff --git a/input/input_disk.ml b/input/input_disk.ml
index dc3bed6f..c08548ee 100644
--- a/input/input_disk.ml
+++ b/input/input_disk.ml
@@ -109,7 +109,7 @@ module Disk = struct
Nbdkit.add_arg cmd "file" disk;
if Nbdkit.version nbdkit_config >= (1, 22, 0) then
Nbdkit.add_arg cmd "cache" "none";
- let _, pid = Nbdkit.run_unix ~socket cmd in
+ let _, pid = Nbdkit.run_unix socket cmd in
(* --exit-with-parent should ensure nbdkit is cleaned
* up when we exit, but it's not supported everywhere.
@@ -120,7 +120,7 @@ module Disk = struct
let cmd = QemuNBD.create disk in
QemuNBD.set_snapshot cmd true; (* protective overlay *)
QemuNBD.set_format cmd (Some format);
- let _, pid = QemuNBD.run_unix ~socket cmd in
+ let _, pid = QemuNBD.run_unix socket cmd in
On_exit.kill pid
) args;
diff --git a/input/input_libvirt.ml b/input/input_libvirt.ml
index ee836aa0..ad7e20e8 100644
--- a/input/input_libvirt.ml
+++ b/input/input_libvirt.ml
@@ -87,7 +87,7 @@ and setup_servers dir disks =
Nbdkit.add_arg cmd "hostname" hostname;
Nbdkit.add_arg cmd "port" (string_of_int port);
Nbdkit.add_arg cmd "shared" "true";
- let _, pid = Nbdkit.run_unix ~socket cmd in
+ let _, pid = Nbdkit.run_unix socket cmd in
(* --exit-with-parent should ensure nbdkit is cleaned
* up when we exit, but it's not supported everywhere.
@@ -98,7 +98,7 @@ and setup_servers dir disks =
| HTTP url ->
let cor = dir // "convert" in
let cmd = Nbdkit_curl.create_curl ~cor url in
- let _, pid = Nbdkit.run_unix ~socket cmd in
+ let _, pid = Nbdkit.run_unix socket cmd in
(* --exit-with-parent should ensure nbdkit is cleaned
* up when we exit, but it's not supported everywhere.
@@ -113,7 +113,7 @@ and setup_servers dir disks =
Nbdkit.add_arg cmd "file" filename;
if Nbdkit.version nbdkit_config >= (1, 22, 0) then
Nbdkit.add_arg cmd "cache" "none";
- let _, pid = Nbdkit.run_unix ~socket cmd in
+ let _, pid = Nbdkit.run_unix socket cmd in
(* --exit-with-parent should ensure nbdkit is cleaned
* up when we exit, but it's not supported everywhere.
@@ -125,7 +125,7 @@ and setup_servers dir disks =
let cmd = QemuNBD.create filename in
QemuNBD.set_snapshot cmd true; (* protective overlay *)
QemuNBD.set_format cmd format;
- let _, pid = QemuNBD.run_unix ~socket cmd in
+ let _, pid = QemuNBD.run_unix socket cmd in
On_exit.kill pid
) disks
diff --git a/input/input_ova.ml b/input/input_ova.ml
index c94ddc79..796cc3bc 100644
--- a/input/input_ova.ml
+++ b/input/input_ova.ml
@@ -192,7 +192,7 @@ module OVA = struct
let cmd = QemuNBD.create qemu_uri in
QemuNBD.set_snapshot cmd true; (* protective overlay *)
QemuNBD.set_format cmd None; (* auto-detect format *)
- let _, pid = QemuNBD.run_unix ~socket cmd in
+ let _, pid = QemuNBD.run_unix socket cmd in
On_exit.kill pid
) qemu_uris;
diff --git a/input/input_vddk.ml b/input/input_vddk.ml
index 29764095..f8bf3d28 100644
--- a/input/input_vddk.ml
+++ b/input/input_vddk.ml
@@ -196,7 +196,7 @@ information on these settings.
?nfchostport ?password_file:options.input_password ?port
~server ?snapshot ~thumbprint ?transports ?user
path in
- let _, pid = Nbdkit.run_unix ~socket nbdkit in
+ let _, pid = Nbdkit.run_unix socket nbdkit in
On_exit.kill pid
) disks;
diff --git a/input/input_vmx.ml b/input/input_vmx.ml
index 3aa49fa6..34ae99a3 100644
--- a/input/input_vmx.ml
+++ b/input/input_vmx.ml
@@ -66,7 +66,7 @@ module VMX = struct
(absolute_path_from_other_file vmx_filename filename) in
QemuNBD.set_snapshot cmd true; (* protective overlay *)
QemuNBD.set_format cmd (Some "vmdk");
- let _, pid = QemuNBD.run_unix ~socket cmd in
+ let _, pid = QemuNBD.run_unix socket cmd in
On_exit.kill pid
) filenames
@@ -108,7 +108,7 @@ module VMX = struct
let bandwidth = options.bandwidth in
let nbdkit = Nbdkit_ssh.create_ssh ?bandwidth ~cor ~password
~server ?port ?user abs_path in
- let _, pid = Nbdkit.run_unix ~socket nbdkit in
+ let _, pid = Nbdkit.run_unix socket nbdkit in
On_exit.kill pid
) filenames
);
diff --git a/input/input_xen_ssh.ml b/input/input_xen_ssh.ml
index 85e24bce..989a0cc7 100644
--- a/input/input_xen_ssh.ml
+++ b/input/input_xen_ssh.ml
@@ -118,7 +118,7 @@ module XenSSH = struct
let bandwidth = options.bandwidth in
let nbdkit = Nbdkit_ssh.create_ssh ?bandwidth ~cor ~password
?port ~server ?user path in
- let _, pid = Nbdkit.run_unix ~socket nbdkit in
+ let _, pid = Nbdkit.run_unix socket nbdkit in
On_exit.kill pid
) disks;
diff --git a/input/vCenter.ml b/input/vCenter.ml
index 40d594f0..8a1a5655 100644
--- a/input/vCenter.ml
+++ b/input/vCenter.ml
@@ -117,7 +117,7 @@ let rec start_nbdkit_for_path ?bandwidth ?cor ?password_file
Nbdkit_curl.create_curl ?bandwidth ?cor
~cookie_script ~cookie_script_renew
~sslverify https_url in
- let _, pid = Nbdkit.run_unix ~socket nbdkit in
+ let _, pid = Nbdkit.run_unix socket nbdkit in
pid
and get_https_url dcPath uri server path =
diff --git a/lib/nbdkit.ml b/lib/nbdkit.ml
index 9ee6f39c..07896684 100644
--- a/lib/nbdkit.ml
+++ b/lib/nbdkit.ml
@@ -102,27 +102,13 @@ let add_env cmd name value = cmd.env <- (name, value) :: cmd.env
let add_filter_if_available cmd filter =
if probe_filter filter then add_filter cmd filter
-let run_unix ?socket cmd =
- (* Create a temporary directory where we place the socket and PID file.
- * Use the libguestfs socket directory, so it is more likely the full path
- * of the UNIX sockets will fit in the (limited) socket pathname.
- *)
- let tmpdir =
- let base_dir = (open_guestfs ())#get_sockdir () in
- let t = Mkdtemp.temp_dir ~base_dir "v2vnbdkit." in
- (* tmpdir must be readable (but not writable) by "other" so that
- * qemu can open the sockets.
- *)
- chmod t 0o755;
- On_exit.rmdir t;
- t in
+let run_unix socket cmd =
+ (* Create a temporary directory where we place the PID file. *)
+ let piddir = Mkdtemp.temp_dir "v2vnbdkit." in
+ On_exit.rmdir piddir;
let id = unique () in
- let pidfile = tmpdir // sprintf "nbdkit%d.pid" id in
- let socket =
- match socket with
- | None -> tmpdir // sprintf "nbdkit%d.sock" id
- | Some socket -> socket in
+ let pidfile = piddir // sprintf "nbdkit%d.pid" id in
(* Construct the final command line. *)
let add_arg, add_args_reversed, get_args =
diff --git a/lib/nbdkit.mli b/lib/nbdkit.mli
index dc2fd04b..5ba83ab0 100644
--- a/lib/nbdkit.mli
+++ b/lib/nbdkit.mli
@@ -92,14 +92,10 @@ val add_args : cmd -> (string * string) list -> unit
val add_env : cmd -> string -> string -> unit
(** Add name=value environment variable. *)
-val run_unix : ?socket:string -> cmd -> string * int
+val run_unix : string -> cmd -> string * int
(** Start nbdkit command listening on a Unix domain socket, waiting
for the process to start up.
- If optional [?socket] parameter is omitted, then a temporary
- Unix domain socket name is created. If [?socket] is present
- then this overrides the temporary name.
-
Returns the Unix domain socket name and the nbdkit process ID.
The --exit-with-parent, --foreground, --pidfile, --newstyle and
diff --git a/lib/qemuNBD.ml b/lib/qemuNBD.ml
index 2c999b9f..ae21b17c 100644
--- a/lib/qemuNBD.ml
+++ b/lib/qemuNBD.ml
@@ -62,30 +62,15 @@ let create disk = { disk; snapshot = false; format = None }
let set_snapshot cmd snap = cmd.snapshot <- snap
let set_format cmd format = cmd.format <- format
-let run_unix ?socket { disk; snapshot; format } =
+let run_unix socket { disk; snapshot; format } =
assert (disk <> "");
- (* Create a temporary directory where we place the socket and PID file.
- * Use the libguestfs socket directory, so it is more likely the full path
- * of the UNIX sockets will fit in the (limited) socket pathname.
- *)
- let tmpdir =
- let base_dir = (open_guestfs ())#get_sockdir () in
- let t = Mkdtemp.temp_dir ~base_dir "v2vqemunbd." in
- (* tmpdir must be readable (but not writable) by "other" so that
- * qemu can open the sockets.
- *)
- chmod t 0o755;
- On_exit.rmdir t;
- t in
+ (* Create a temporary directory where we place the PID file. *)
+ let piddir = Mkdtemp.temp_dir "v2vqemunbd." in
+ On_exit.rmdir piddir;
let id = unique () in
- let pidfile = tmpdir // sprintf "qemunbd%d.pid" id in
-
- let socket =
- match socket with
- | Some socket -> socket
- | None -> tmpdir // sprintf "qemunbd%d.sock" id in
+ let pidfile = piddir // sprintf "qemunbd%d.pid" id in
(* Construct the qemu-nbd command line. *)
let args = ref [] in
diff --git a/lib/qemuNBD.mli b/lib/qemuNBD.mli
index 83871c5b..e10d3106 100644
--- a/lib/qemuNBD.mli
+++ b/lib/qemuNBD.mli
@@ -43,12 +43,8 @@ val set_snapshot : cmd -> bool -> unit
val set_format : cmd -> string option -> unit
(** Set the format [--format] parameter. *)
-val run_unix : ?socket:string -> cmd -> string * int
+val run_unix : string -> cmd -> string * int
(** Start qemu-nbd command listening on a Unix domain socket,
waiting for the process to start up.
- If optional [?socket] parameter is omitted, then a temporary
- Unix domain socket name is created. If [?socket] is present
- then this overrides the temporary name.
-
Returns the Unix domain socket name and the qemu-nbd process ID. *)
diff --git a/output/output.ml b/output/output.ml
index 7256b547..10e685c4 100644
--- a/output/output.ml
+++ b/output/output.ml
@@ -90,7 +90,7 @@ let output_to_local_file ?(changeuid = fun f -> f ())
let cmd = Nbdkit.add_arg cmd "cache" "none" in
cmd
);
- let _, pid = Nbdkit.run_unix ~socket cmd in
+ let _, pid = Nbdkit.run_unix socket cmd in
(* --exit-with-parent should ensure nbdkit is cleaned
* up when we exit, but it's not supported everywhere.
@@ -101,7 +101,7 @@ let output_to_local_file ?(changeuid = fun f -> f ())
let cmd = QemuNBD.create filename in
QemuNBD.set_snapshot cmd false;
QemuNBD.set_format cmd (Some "qcow2");
- let _, pid = QemuNBD.run_unix ~socket cmd in
+ let _, pid = QemuNBD.run_unix socket cmd in
On_exit.kill pid
| _ ->
diff --git a/output/output_null.ml b/output/output_null.ml
index 86d81eaa..c8e27c0b 100644
--- a/output/output_null.ml
+++ b/output/output_null.ml
@@ -70,7 +70,7 @@ module Null = struct
let () =
let cmd = Nbdkit.create ~quiet:true "null" in
Nbdkit.add_arg cmd "size" "7E";
- let _, pid = Nbdkit.run_unix ~socket cmd in
+ let _, pid = Nbdkit.run_unix socket cmd in
(* --exit-with-parent should ensure nbdkit is cleaned
* up when we exit, but it's not supported everywhere.
diff --git a/output/output_rhv_upload.ml b/output/output_rhv_upload.ml
index 72463e57..828996b3 100644
--- a/output/output_rhv_upload.ml
+++ b/output/output_rhv_upload.ml
@@ -398,7 +398,7 @@ e command line has to match the number of guest disk images (for this guest: %d)
Nbdkit.add_arg cmd "insecure" "true";
if is_ovirt_host then
Nbdkit.add_arg cmd "is_ovirt_host" "true";
- let _, pid = Nbdkit.run_unix ~socket cmd in
+ let _, pid = Nbdkit.run_unix socket cmd in
List.push_front pid nbdkit_pids
) (List.combine disks disk_uuids);
--
2.31.1

View File

@ -0,0 +1,122 @@
From 50a74177b3577952159d87335cf40c0ad3e51b4d Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 17 Jun 2022 11:53:37 +0200
Subject: [PATCH] RHV outputs: limit copied disk count to 23
We currently support virtio-blk (commonly) or IDE (unusually) for exposing
disks to the converted guest; refer to "guestcaps.gcaps_block_bus" in
"lib/create_ovf.ml". When using virtio-blk (i.e., in the common case), RHV
can deal with at most 23 disks, as it plugs each virtio-blk device in a
separate slot on the PCI(e) root bus; and the other slots are reserved for
various purposes. When a domain has too many disks, the problem only
becomes apparent once the copying finishes and an import is attempted.
Modify the RHV outputs to fail relatively early when a domain has more
than 23 disks that need to be copied.
Notes:
- With IDE, the theoretical limit may even be as low as 4. However, in the
"Output_module.setup" function, we don't have access to
"guestcaps.gcaps_block_bus", and in practice the IDE limitation has not
caused surprises. So for now stick with 23, assuming virtio-blk.
Modifying the "Output_module.setup" parameter list just for this seems
overkill.
- We could move the new check to an even earlier step, namely
"Output_module.parse_options", due to the v2v directory deliberately
existing (and having been populated with input sockets) at that time.
However, even discounting the fact that "parse_options" is not a good
name for including this kind of step, "parse_options" does not have
access to the v2v directory name, and modifying the signature just for
this is (again) overkill.
- By adding the check to "Output_module.setup", we waste *some* effort
(namely, the conversion occurs between "parse_options" and "setup"),
but: (a) the "rhv-disk-uuid" count check (against the disk count) is
already being done in the rhv-upload module's "setup" function, (b) in
practice the slowest step ought to be the copying, and placing the new
check in "setup" is early enough to prevent that.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2051564
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220617095337.9122-1-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit e186cc2bea99a077990f192953e1bf6c9ba70e79)
---
output/output.ml | 5 +++++
output/output.mli | 7 +++++++
output/output_rhv.ml | 1 +
output/output_rhv_upload.ml | 1 +
output/output_vdsm.ml | 1 +
5 files changed, 15 insertions(+)
diff --git a/output/output.ml b/output/output.ml
index 10e685c4..5c6670b9 100644
--- a/output/output.ml
+++ b/output/output.ml
@@ -64,6 +64,11 @@ let get_disks dir =
in
loop [] 0
+let error_if_disk_count_gt dir n =
+ let socket = sprintf "%s/in%d" dir n in
+ if Sys.file_exists socket then
+ error (f_"this output module doesn't support copying more than %d disks") n
+
let output_to_local_file ?(changeuid = fun f -> f ())
output_alloc output_format filename size socket =
(* Check nbdkit is installed and has the required plugin. *)
diff --git a/output/output.mli b/output/output.mli
index 533a0c51..8d3d6865 100644
--- a/output/output.mli
+++ b/output/output.mli
@@ -76,6 +76,13 @@ val get_disks : string -> (int * int64) list
(** Examines the v2v directory and opens each input socket (in0 etc),
returning a list of input disk index and size. *)
+val error_if_disk_count_gt : string -> int -> unit
+(** This function lets an output module enforce a maximum disk count.
+ [error_if_disk_count_gt dir n] checks whether the domain has more than [n]
+ disks that need to be copied, by examining the existence of input NBD socket
+ "in[n]" in the v2v directory [dir]. If the socket exists, [error] is
+ called. *)
+
val output_to_local_file : ?changeuid:((unit -> unit) -> unit) ->
Types.output_allocation ->
string -> string -> int64 -> string ->
diff --git a/output/output_rhv.ml b/output/output_rhv.ml
index 119207fd..8571e07b 100644
--- a/output/output_rhv.ml
+++ b/output/output_rhv.ml
@@ -56,6 +56,7 @@ module RHV = struct
(options.output_alloc, options.output_format, output_name, output_storage)
let rec setup dir options source =
+ error_if_disk_count_gt dir 23;
let disks = get_disks dir in
let output_alloc, output_format, output_name, output_storage = options in
diff --git a/output/output_rhv_upload.ml b/output/output_rhv_upload.ml
index 828996b3..f2ced4f4 100644
--- a/output/output_rhv_upload.ml
+++ b/output/output_rhv_upload.ml
@@ -133,6 +133,7 @@ after their uploads (if you do, you must supply one for each disk):
else PCRE.matches (Lazy.force rex_uuid) uuid
let rec setup dir options source =
+ error_if_disk_count_gt dir 23;
let disks = get_disks dir in
let output_conn, output_format,
output_password, output_name, output_storage,
diff --git a/output/output_vdsm.ml b/output/output_vdsm.ml
index a1e8c246..23d1b9cd 100644
--- a/output/output_vdsm.ml
+++ b/output/output_vdsm.ml
@@ -119,6 +119,7 @@ For each disk you must supply one of each of these options:
compat, ovf_flavour)
let setup dir options source =
+ error_if_disk_count_gt dir 23;
let disks = get_disks dir in
let output_alloc, output_format,
output_name, output_storage,

View File

@ -0,0 +1,49 @@
From 81a201269e5451cd76348e0da6d0ef4c0fb4c0dd Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 1 Jul 2022 15:30:42 +0200
Subject: [PATCH] convert: document networking dependency of "--key ID:clevis"
Virt-v2v enables appliance networking already, for the sake of
"unconfigure_vmware". We now have a second use case for networking: "--key
ID:clevis". Update the comment in the code.
(Short log for libguestfs-common commit range 35467027f657..af6cb55bc58a:
Laszlo Ersek (12):
options: fix UUID comparison logic bug in get_keys()
mltools/tools_utils: remove unused function "key_store_to_cli"
mltools/tools_utils: allow multiple "--key" options for OCaml tools too
options: replace NULL-termination with number-of-elements in get_keys()
options: wrap each passphrase from get_keys() into a struct
options: add back-end for LUKS decryption with Clevis+Tang
options: introduce selector type "key_clevis"
options: generalize "--key" selector parsing for C-language utilities
mltools/tools_utils-c: handle internal type error with abort()
mltools/tools_utils: generalize "--key" selector parsing for OCaml utils
options, mltools/tools_utils: parse "--key ID:clevis" options
options, mltools/tools_utils: add helper for network dependency
).
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220628115856.5820-1-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 98fa5ab2685371c681282ce5de704877af27be74)
---
convert/convert.ml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/convert/convert.ml b/convert/convert.ml
index 5e0e6c2b..b678dc92 100644
--- a/convert/convert.ml
+++ b/convert/convert.ml
@@ -57,7 +57,8 @@ let rec convert dir options source =
* sure this is not too large because each vCPU consumes guest RAM.
*)
g#set_smp (min 8 (Sysconf.nr_processors_online ()));
- (* The network is only used by the unconfigure_vmware () function. *)
+ (* The network is used by the unconfigure_vmware () function, and the "--key
+ * ID:clevis" command line options (if any). *)
g#set_network true;
List.iter (
fun { s_disk_id = i } ->

View File

@ -0,0 +1,142 @@
From 80831868395d161af8c47edf2f54234c63581d8d Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Fri, 28 Jan 2022 09:30:29 +0000
Subject: [PATCH] qemu-nbd: Implement output compression for qcow2 files
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 71c4301909cb307def02ebcd0e89beee4138e7f2)
---
lib/qemuNBD.ml | 11 +++++++++--
lib/qemuNBD.mli | 5 +++++
output/output.ml | 39 ++++++++++++++++++++++++++++++++++++---
output/output.mli | 1 +
4 files changed, 51 insertions(+), 5 deletions(-)
diff --git a/lib/qemuNBD.ml b/lib/qemuNBD.ml
index ae21b17c..bbb65f41 100644
--- a/lib/qemuNBD.ml
+++ b/lib/qemuNBD.ml
@@ -55,14 +55,16 @@ type cmd = {
disk : string;
mutable snapshot : bool;
mutable format : string option;
+ mutable imgopts : bool;
}
-let create disk = { disk; snapshot = false; format = None }
+let create disk = { disk; snapshot = false; format = None; imgopts = false }
let set_snapshot cmd snap = cmd.snapshot <- snap
let set_format cmd format = cmd.format <- format
+let set_image_opts cmd imgopts = cmd.imgopts <- imgopts
-let run_unix socket { disk; snapshot; format } =
+let run_unix socket { disk; snapshot; format; imgopts } =
assert (disk <> "");
(* Create a temporary directory where we place the PID file. *)
@@ -85,6 +87,11 @@ let run_unix socket { disk; snapshot; format } =
(* -s adds a protective overlay. *)
if snapshot then List.push_back args "-s";
+ (* --image-opts reinterprets the filename parameter as a set of
+ * image options.
+ *)
+ if imgopts then List.push_back args "--image-opts";
+
if have_selinux && qemu_nbd_has_selinux_label_option () then (
List.push_back args "--selinux-label";
List.push_back args "system_u:object_r:svirt_socket_t:s0"
diff --git a/lib/qemuNBD.mli b/lib/qemuNBD.mli
index e10d3106..afe9d944 100644
--- a/lib/qemuNBD.mli
+++ b/lib/qemuNBD.mli
@@ -43,6 +43,11 @@ val set_snapshot : cmd -> bool -> unit
val set_format : cmd -> string option -> unit
(** Set the format [--format] parameter. *)
+val set_image_opts : cmd -> bool -> unit
+(** Set whether the [--image-opts] parameter is used. This changes
+ the meaning of the [filename] parameter to a set of image options.
+ Consult the qemu-nbd man page for more details. *)
+
val run_unix : string -> cmd -> string * int
(** Start qemu-nbd command listening on a Unix domain socket,
waiting for the process to start up.
diff --git a/output/output.ml b/output/output.ml
index 5c6670b9..23c3932d 100644
--- a/output/output.ml
+++ b/output/output.ml
@@ -69,7 +69,7 @@ let error_if_disk_count_gt dir n =
if Sys.file_exists socket then
error (f_"this output module doesn't support copying more than %d disks") n
-let output_to_local_file ?(changeuid = fun f -> f ())
+let output_to_local_file ?(changeuid = fun f -> f ()) ?(compressed = false)
output_alloc output_format filename size socket =
(* Check nbdkit is installed and has the required plugin. *)
if not (Nbdkit.is_installed ()) then
@@ -78,6 +78,24 @@ let output_to_local_file ?(changeuid = fun f -> f ())
error (f_"nbdkit-file-plugin is not installed or not working");
let nbdkit_config = Nbdkit.config () in
+ if compressed then (
+ (* Only allow compressed with -of qcow2. *)
+ if output_format <> "qcow2" then
+ error (f_"-oo compressed is only allowed when the output format \
+ is a local qcow2-format file, i.e. -of qcow2");
+
+ (* Check nbdcopy is new enough. This assumes that the version of
+ * libnbd is the same as the version of nbdcopy, but parsing this
+ * is easier. We can remove this check when we build-depend on
+ * libnbd >= 1.14.
+ *)
+ let version =
+ NBD.create () |> NBD.get_version |>
+ String.nsplit "." |> List.map int_of_string in
+ if version < [1; 13; 5] then
+ error (f_"-oo compressed option requires nbdcopy >= 1.13.5")
+ );
+
let g = open_guestfs () in
let preallocation =
match output_alloc with
@@ -103,9 +121,24 @@ let output_to_local_file ?(changeuid = fun f -> f ())
On_exit.kill pid
| "qcow2" ->
- let cmd = QemuNBD.create filename in
+ let cmd =
+ if compressed then (
+ let qemu_quote str = String.replace str "," ",," in
+ let image_opts = [ "driver=compress";
+ "file.driver=qcow2";
+ "file.file.driver=file";
+ "file.file.filename=" ^ qemu_quote filename ] in
+ let image_opts = String.concat "," image_opts in
+ let cmd = QemuNBD.create image_opts in
+ QemuNBD.set_image_opts cmd true;
+ cmd
+ )
+ else (* not compressed *) (
+ let cmd = QemuNBD.create filename in
+ QemuNBD.set_format cmd (Some "qcow2");
+ cmd
+ ) in
QemuNBD.set_snapshot cmd false;
- QemuNBD.set_format cmd (Some "qcow2");
let _, pid = QemuNBD.run_unix socket cmd in
On_exit.kill pid
diff --git a/output/output.mli b/output/output.mli
index 8d3d6865..c1f0f53d 100644
--- a/output/output.mli
+++ b/output/output.mli
@@ -84,6 +84,7 @@ val error_if_disk_count_gt : string -> int -> unit
called. *)
val output_to_local_file : ?changeuid:((unit -> unit) -> unit) ->
+ ?compressed:bool ->
Types.output_allocation ->
string -> string -> int64 -> string ->
unit

View File

@ -0,0 +1,272 @@
From ca3643d06eed2de22cb81ad2eb13ba7f75c0487e Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Fri, 28 Jan 2022 09:30:58 +0000
Subject: [PATCH] -o disk, -o libvirt, -o qemu: Implement -of qcow2 -oo
compressed
For various output modes, implement -oo compressed which can be used
to generate compressed qcow2 files. This option was dropped when
modularizing virt-v2v, and required changes to nbdcopy which are
finally upstream in libnbd >= 1.13.5.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2047660
Fixes: commit 255722cbf39afc0b012e2ac00d16fa6ba2f8c21f
Reported-by: Xiaodai Wang
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 53690a0c602a4286fdb9408fdf6a01cc352697ec)
---
TODO | 14 --------------
output/output_disk.ml | 29 +++++++++++++++++++++--------
output/output_libvirt.ml | 31 ++++++++++++++++++++++---------
output/output_qemu.ml | 38 +++++++++++++++++++++-----------------
4 files changed, 64 insertions(+), 48 deletions(-)
diff --git a/TODO b/TODO
index f578d506..04b1dd20 100644
--- a/TODO
+++ b/TODO
@@ -1,17 +1,3 @@
-virt-v2v -o disk|qemu -oo compressed
-------------------------------------
-
-This was temporarily dropped when I modularized virt-v2v. It would
-not be too difficult to add it back. The following is the qemu-nbd
-command required (to be run as the output helper) which creates a
-compressed qcow2 disk image:
-
-$ qemu-nbd --image-opts driver=compress,file.driver=qcow2,file.file.driver=file,file.file.filename=new.qcow2
-
-Note this requires fixes in nbdcopy so it obeys the advertised block
-alignment:
-https://lists.gnu.org/archive/html/qemu-block/2022-01/threads.html#00729
-
virt-v2v -o rhv-upload
----------------------
diff --git a/output/output_disk.ml b/output/output_disk.ml
index bc5b4e1c..abcfcdc0 100644
--- a/output/output_disk.ml
+++ b/output/output_disk.ml
@@ -30,7 +30,7 @@ open Create_libvirt_xml
open Output
module Disk = struct
- type poptions = Types.output_allocation * string * string * string
+ type poptions = bool * Types.output_allocation * string * string * string
type t = unit
@@ -41,11 +41,21 @@ module Disk = struct
| None -> ""
let query_output_options () =
- printf (f_"No output options can be used in this mode.\n")
+ printf (f_"Output options that can be used with -o disk:
+
+ -oo compressed Compress the output file (used only with -of qcow2)
+")
let parse_options options source =
- if options.output_options <> [] then
- error (f_"no -oo (output options) are allowed here");
+ let compressed = ref false in
+ List.iter (
+ function
+ | "compressed", "" -> compressed := true
+ | "compressed", v -> compressed := bool_of_string v
+ | k, _ ->
+ error (f_"-o disk: unknown output option -oo %s") k
+ ) options.output_options;
+
if options.output_password <> None then
error_option_cannot_be_used_in_output_mode "local" "-op";
@@ -60,11 +70,13 @@ module Disk = struct
let output_name = Option.default source.s_name options.output_name in
- options.output_alloc, options.output_format, output_name, output_storage
+ !compressed, options.output_alloc, options.output_format,
+ output_name, output_storage
let setup dir options source =
let disks = get_disks dir in
- let output_alloc, output_format, output_name, output_storage = options in
+ let compressed, output_alloc, output_format, output_name, output_storage =
+ options in
List.iter (
fun (i, size) ->
@@ -73,11 +85,12 @@ module Disk = struct
(* Create the actual output disk. *)
let outdisk = disk_path output_storage output_name i in
- output_to_local_file output_alloc output_format outdisk size socket
+ output_to_local_file ~compressed output_alloc output_format
+ outdisk size socket
) disks
let finalize dir options () source inspect target_meta =
- let output_alloc, output_format, output_name, output_storage = options in
+ let _, output_alloc, output_format, output_name, output_storage = options in
(* Convert metadata to libvirt XML. *)
(match target_meta.target_firmware with
diff --git a/output/output_libvirt.ml b/output/output_libvirt.ml
index e0d3432d..04b4c5f8 100644
--- a/output/output_libvirt.ml
+++ b/output/output_libvirt.ml
@@ -32,7 +32,7 @@ open Create_libvirt_xml
open Output
module Libvirt_ = struct
- type poptions = Libvirt.rw Libvirt.Connect.t Lazy.t *
+ type poptions = Libvirt.rw Libvirt.Connect.t Lazy.t * bool *
Types.output_allocation * string * string * string
type t = string * string
@@ -44,11 +44,21 @@ module Libvirt_ = struct
| None -> ""
let query_output_options () =
- printf (f_"No output options can be used in this mode.\n")
+ printf (f_"Output options that can be used with -o libvirt:
+
+ -oo compressed Compress the output file (used only with -of qcow2)
+")
let parse_options options source =
- if options.output_options <> [] then
- error (f_"no -oo (output options) are allowed here");
+ let compressed = ref false in
+ List.iter (
+ function
+ | "compressed", "" -> compressed := true
+ | "compressed", v -> compressed := bool_of_string v
+ | k, _ ->
+ error (f_"-o disk: unknown output option -oo %s") k
+ ) options.output_options;
+
if options.output_password <> None then
error_option_cannot_be_used_in_output_mode "libvirt" "-op";
@@ -59,12 +69,13 @@ module Libvirt_ = struct
let output_name = Option.default source.s_name options.output_name in
- (conn, options.output_alloc, options.output_format, output_name,
- output_pool)
+ (conn, !compressed, options.output_alloc, options.output_format,
+ output_name, output_pool)
let setup dir options source =
let disks = get_disks dir in
- let conn, output_alloc, output_format, output_name, output_pool = options in
+ let conn, compressed, output_alloc, output_format,
+ output_name, output_pool = options in
let conn = Lazy.force conn in
(* Get the capabilities from libvirt. *)
@@ -119,13 +130,15 @@ module Libvirt_ = struct
(* Create the actual output disk. *)
let outdisk = target_path // output_name ^ "-sd" ^ (drive_name i) in
- output_to_local_file output_alloc output_format outdisk size socket
+ output_to_local_file ~compressed output_alloc output_format
+ outdisk size socket
) disks;
(capabilities_xml, pool_name)
let rec finalize dir options t source inspect target_meta =
- let conn, output_alloc, output_format, output_name, output_pool = options in
+ let conn, _, output_alloc, output_format, output_name, output_pool =
+ options in
let capabilities_xml, pool_name = t in
(match target_meta.target_firmware with
diff --git a/output/output_qemu.ml b/output/output_qemu.ml
index 527d3c5e..e7efbb73 100644
--- a/output/output_qemu.ml
+++ b/output/output_qemu.ml
@@ -29,7 +29,8 @@ open Utils
open Output
module QEMU = struct
- type poptions = bool * Types.output_allocation * string * string * string
+ type poptions = bool * bool *
+ Types.output_allocation * string * string * string
type t = unit
@@ -42,6 +43,7 @@ module QEMU = struct
let query_output_options () =
printf (f_"Output options (-oo) which can be used with -o qemu:
+ -oo compressed Compress the output file (used only with -of qcow2)
-oo qemu-boot Boot the guest in qemu after conversion
")
@@ -49,19 +51,19 @@ module QEMU = struct
if options.output_password <> None then
error_option_cannot_be_used_in_output_mode "qemu" "-op";
- let qemu_boot = ref false in
+ let compressed = ref false
+ and qemu_boot = ref false in
List.iter (
- fun (k, v) ->
- match k with
- | "qemu-boot" ->
- if v = "" || v = "true" then qemu_boot := true
- else if v = "false" then qemu_boot := false
- else
- error (f_"-o qemu: use -oo qemu-boot[=true|false]")
- | k ->
- error (f_"-o qemu: unknown output option -oo %s") k
- ) options.output_options;
- let qemu_boot = !qemu_boot in
+ function
+ | "compressed", "" -> compressed := true
+ | "compressed", v -> compressed := bool_of_string v
+ | "qemu-boot", "" -> qemu_boot := true
+ | "qemu-boot", v -> qemu_boot := bool_of_string v
+ | k, _ ->
+ error (f_"-o qemu: unknown output option -oo %s") k
+ ) options.output_options;
+ let compressed = !compressed
+ and qemu_boot = !qemu_boot in
if qemu_boot then
error (f_"-o qemu: the -oo qemu-boot option cannot be used in RHEL");
@@ -77,12 +79,13 @@ module QEMU = struct
let output_name = Option.default source.s_name options.output_name in
- (qemu_boot, options.output_alloc, options.output_format,
+ (compressed, qemu_boot, options.output_alloc, options.output_format,
output_name, output_storage)
let setup dir options source =
let disks = get_disks dir in
- let _, output_alloc, output_format, output_name, output_storage = options in
+ let compressed, _, output_alloc, output_format,
+ output_name, output_storage = options in
List.iter (
fun (i, size) ->
@@ -91,11 +94,12 @@ module QEMU = struct
(* Create the actual output disk. *)
let outdisk = disk_path output_storage output_name i in
- output_to_local_file output_alloc output_format outdisk size socket
+ output_to_local_file ~compressed output_alloc output_format
+ outdisk size socket
) disks
let finalize dir options () source inspect target_meta =
- let qemu_boot, output_alloc, output_format,
+ let _, qemu_boot, output_alloc, output_format,
output_name, output_storage = options in
let { guestcaps; target_buses; target_firmware } = target_meta in

View File

@ -0,0 +1,114 @@
From 672b9795e85b48f337b3da2d6fa393e7788d79a1 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Fri, 1 Jul 2022 11:18:53 +0100
Subject: [PATCH] tests: Add a simple test of -o local -of qcow2 -oo compressed
This only tests that it doesn't completely fail, which it did before
we fixed nbdcopy. I checked the file sizes manually and with
compression the resulting file is about half the size.
This test is a clone of tests/test-v2v-of-option.sh. In order to
compare the sizes across the two tests, and to keep the tests fairly
similar I added an ls -l command to the original test.
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 7505750972b49e1a448c519a27998bd5f20be60a)
---
tests/Makefile.am | 2 +
tests/test-v2v-o-local-qcow2-compressed.sh | 53 ++++++++++++++++++++++
tests/test-v2v-of-option.sh | 2 +
3 files changed, 57 insertions(+)
create mode 100755 tests/test-v2v-o-local-qcow2-compressed.sh
diff --git a/tests/Makefile.am b/tests/Makefile.am
index e787a86c..a26ecf7a 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -82,6 +82,7 @@ TESTS = \
test-v2v-networks-and-bridges.sh \
test-v2v-o-glance.sh \
test-v2v-o-libvirt.sh \
+ test-v2v-o-local-qcow2-compressed.sh \
test-v2v-o-null.sh \
test-v2v-o-openstack.sh \
test-v2v-o-qemu.sh \
@@ -241,6 +242,7 @@ EXTRA_DIST += \
test-v2v-networks-and-bridges-expected.xml \
test-v2v-o-glance.sh \
test-v2v-o-libvirt.sh \
+ test-v2v-o-local-qcow2-compressed.sh \
test-v2v-o-null.sh \
test-v2v-o-openstack.sh \
test-v2v-o-qemu.sh \
diff --git a/tests/test-v2v-o-local-qcow2-compressed.sh b/tests/test-v2v-o-local-qcow2-compressed.sh
new file mode 100755
index 00000000..32c9ebbe
--- /dev/null
+++ b/tests/test-v2v-o-local-qcow2-compressed.sh
@@ -0,0 +1,53 @@
+#!/bin/bash -
+# libguestfs virt-v2v test script
+# Copyright (C) 2014-2022 Red Hat Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+# Test -o local -of qcow2 -oo compressed.
+
+set -e
+
+source ./functions.sh
+set -e
+set -x
+
+skip_if_skipped
+requires test -f ../test-data/phony-guests/windows.img
+
+# This requires fixed nbdcopy >= 1.13.5.
+requires nbdcopy --version
+nbdcopy --version | {
+ IFS=' .' read name major minor release
+ requires test \( "$major" -gt 1 \) -o \
+ \( "$major" -eq 1 -a "$minor" -gt 13 \) -o \
+ \( "$major" -eq 1 -a "$minor" -eq 13 -a "$release" -ge 5 \)
+}
+
+export VIRT_TOOLS_DATA_DIR="$srcdir/../test-data/fake-virt-tools"
+
+d=test-v2v-o-local-qcow2-compressed.d
+rm -rf $d
+cleanup_fn rm -rf $d
+mkdir $d
+
+$VG virt-v2v --debug-gc \
+ -i disk ../test-data/phony-guests/windows.img \
+ -o local -of qcow2 -oo compressed -os $d
+
+# Test the libvirt XML metadata and a disk was created.
+ls -l $d
+test -f $d/windows.xml
+test -f $d/windows-sda
diff --git a/tests/test-v2v-of-option.sh b/tests/test-v2v-of-option.sh
index bdfd3418..6c5f5938 100755
--- a/tests/test-v2v-of-option.sh
+++ b/tests/test-v2v-of-option.sh
@@ -42,6 +42,8 @@ $VG virt-v2v --debug-gc \
-i libvirt -ic "$libvirt_uri" windows \
-o local -os $d -of qcow2
+ls -l $d
+
# Test the disk is qcow2 format.
if [ "$(guestfish disk-format $d/windows-sda)" != qcow2 ]; then
echo "$0: test failed: output is not qcow2"

View File

@ -0,0 +1,47 @@
From b61a03ad272bb08ff5ca757ade6a23bfef34fdc9 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 5 Jul 2022 11:56:54 +0100
Subject: [PATCH] RHEL 9: -oo compressed: Remove nbdcopy version check and test
In RHEL 9 nbdcopy 1.12.4-2 will be sufficient (vs nbdcopy 1.13.5
upstream). We will enforce this through RPM dependencies and test it
separately. Thus remove the version check and test.
---
output/output.ml | 11 -----------
tests/Makefile.am | 1 -
2 files changed, 12 deletions(-)
diff --git a/output/output.ml b/output/output.ml
index 23c3932d..496c32b6 100644
--- a/output/output.ml
+++ b/output/output.ml
@@ -83,17 +83,6 @@ let output_to_local_file ?(changeuid = fun f -> f ()) ?(compressed = false)
if output_format <> "qcow2" then
error (f_"-oo compressed is only allowed when the output format \
is a local qcow2-format file, i.e. -of qcow2");
-
- (* Check nbdcopy is new enough. This assumes that the version of
- * libnbd is the same as the version of nbdcopy, but parsing this
- * is easier. We can remove this check when we build-depend on
- * libnbd >= 1.14.
- *)
- let version =
- NBD.create () |> NBD.get_version |>
- String.nsplit "." |> List.map int_of_string in
- if version < [1; 13; 5] then
- error (f_"-oo compressed option requires nbdcopy >= 1.13.5")
);
let g = open_guestfs () in
diff --git a/tests/Makefile.am b/tests/Makefile.am
index a26ecf7a..47e5f10d 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -82,7 +82,6 @@ TESTS = \
test-v2v-networks-and-bridges.sh \
test-v2v-o-glance.sh \
test-v2v-o-libvirt.sh \
- test-v2v-o-local-qcow2-compressed.sh \
test-v2v-o-null.sh \
test-v2v-o-openstack.sh \
test-v2v-o-qemu.sh \

View File

@ -0,0 +1,22 @@
From 8a8ff53b7d438e82085d52199d21c980a54c733d Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 5 Jul 2022 11:58:09 +0100
Subject: [PATCH] RHEL 9: tests: Remove btrfs test
RHEL does not have btrfs so this test always fails.
---
tests/Makefile.am | 1 -
1 file changed, 1 deletion(-)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 47e5f10d..9560cc77 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -96,7 +96,6 @@ TESTS = \
test-v2v-sound.sh \
test-v2v-virtio-win-iso.sh \
test-v2v-fedora-conversion.sh \
- test-v2v-fedora-btrfs-conversion.sh \
test-v2v-fedora-luks-on-lvm-conversion.sh \
test-v2v-fedora-lvm-on-luks-conversion.sh \
test-v2v-fedora-md-conversion.sh \

View File

@ -0,0 +1,80 @@
From ba2963bc57c8c8a3d6f7cc2fd274c9ebd4ddb7d8 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 6 Jul 2022 12:32:15 +0200
Subject: [PATCH] convert/convert_linux: complete the remapping of NVMe devices
In commit 75872bf282d7 ("input: -i vmx: Add support for NVMe devices",
2022-04-08), we missed that pathnames such as
/dev/nvme0n1[p1]
would not match our "rex_device_cciss" and "rex_device" regular
expressions.
As a consequence, we don't remap such pathnames now in the boot config
files with Augeas.
Add a new regex and associated mapping logic for this kind of pathname.
Notes:
(1) "rex_device_cciss" could be extended internally with an alternative
pattern:
^/dev/(cciss/c\\d+d\\d+|nvme\\d+n1)(?:p(\\d+))?$
^^^^^^^^^^^
but Rich suggested we should add a separate, complete regexp for
maintainability.
(2) Even with a separate regexp, we could reuse the existent CCISS pattern
handler:
if PCRE.matches rex_device_cciss value ||
PCRE.matches rex_device_nvme value then (
let device = PCRE.sub 1
and part = try PCRE.sub 2 with Not_found -> "" in
"/dev/" ^ replace device ^ part
)
Namely, although "PCRE.matches" creates/updates global state, and
"PCRE.sub" reads that state, the "||" operator in OCaml has short-circuit
behavior, and both regexps have the same structure.
But, using the same maintainability argument, let's keep the handler logic
for NVMe detached.
Fixes: 75872bf282d7f2322110caca70963717b43806b1
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2101665
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220706103215.5607-1-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 4368b94ee1724c16aa35c0ee42ce4c51ce037b5a)
---
convert/convert_linux.ml | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/convert/convert_linux.ml b/convert/convert_linux.ml
index 59d143bd..a66ff1e4 100644
--- a/convert/convert_linux.ml
+++ b/convert/convert_linux.ml
@@ -1199,6 +1199,7 @@ let convert (g : G.guestfs) source inspect keep_serial_console _ =
(* Map device names for each entry. *)
let rex_resume = PCRE.compile "^resume=(/dev/[-a-z\\d/_]+)(.*)$"
and rex_device_cciss = PCRE.compile "^/dev/(cciss/c\\d+d\\d+)(?:p(\\d+))?$"
+ and rex_device_nvme = PCRE.compile "^/dev/(nvme\\d+n1)(?:p(\\d+))?$"
and rex_device = PCRE.compile "^/dev/([a-z]+)(\\d*)?$" in
let rec replace_if_device path value =
@@ -1221,6 +1222,11 @@ let convert (g : G.guestfs) source inspect keep_serial_console _ =
and part = try PCRE.sub 2 with Not_found -> "" in
"/dev/" ^ replace device ^ part
)
+ else if PCRE.matches rex_device_nvme value then (
+ let device = PCRE.sub 1
+ and part = try PCRE.sub 2 with Not_found -> "" in
+ "/dev/" ^ replace device ^ part
+ )
else if PCRE.matches rex_device value then (
let device = PCRE.sub 1
and part = try PCRE.sub 2 with Not_found -> "" in

View File

@ -0,0 +1,49 @@
From c34fe9a52abdde05cb31c5bd2c99237652e1b0dc Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Mon, 11 Jul 2022 09:01:56 +0200
Subject: [PATCH] input-xen: sync "-ip" limitations language from input-vmware
manual
My analysis in <https://bugzilla.redhat.com/show_bug.cgi?id=1854275#c33>
was partially wrong; I had missed that for the xen+ssh transport, the
client-side libvirt library launches a naked "ssh" utility, underneath
"Libvirt.Connect.connect_auth":
setup [input/input_xen_ssh.ml]
Libvirt.Connect.connect_auth
no effect of "-ip"
Nbdkit_ssh.create_ssh [input/nbdkit_ssh.ml]
starts nbdkit with the ssh
plugin honoring "-ip"
Which requires a password just the same, and ignores "-ip" just the same.
Recommend the ssh agent in the docs.
Fixes: 46298c6514710013c59828b4933f0b3b1a354566
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1854275
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2062360
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220711070157.5399-2-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit ae067a9ce0eb5631940a8cc5dcc5ee056903276b)
---
docs/virt-v2v-input-xen.pod | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/docs/virt-v2v-input-xen.pod b/docs/virt-v2v-input-xen.pod
index ad5772de..80ad94f7 100644
--- a/docs/virt-v2v-input-xen.pod
+++ b/docs/virt-v2v-input-xen.pod
@@ -32,6 +32,11 @@ server to the Xen host. For example:
$ ssh root@xen.example.com
[ logs straight into the shell, no password is requested ]
+Note that support for non-interactive authentication via the I<-ip>
+option is incomplete. Some operations remain that still require the
+user to enter the password manually. Therefore ssh-agent is recommended
+over the I<-ip> option. See L<https://bugzilla.redhat.com/1854275>.
+
With some modern ssh implementations, legacy crypto policies required
to interoperate with RHEL 5 sshd are disabled. To enable them you may
need to run this command on the conversion server (ie. ssh client),

View File

@ -0,0 +1,82 @@
From 3f7f730ac9cbf38267839ffcebd6b6fd721123c5 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Mon, 11 Jul 2022 09:01:57 +0200
Subject: [PATCH] input-xen: replace "enable LEGACY crypto" advice with
targeted ssh options
- "KexAlgorithms": the Fedora 35 ssh binary, using the DEFAULT
crypto-policy, cannot log in to RHEL5 sshd without relaxing
"KexAlgorithms". The server offers three algorithms:
"diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1",
"diffie-hellman-group1-sha1"; and according to RFC 9142,
"diffie-hellman-group14-sha1" is the least deprecated from those. (The
RFC marks it as MAY be implemented, and marks the other two as SHOULD
NOT be implemented.) Recommend "diffie-hellman-group14-sha1".
- "MACs": the Fedora 35 ssh binary, using the FUTURE crypto-policy, cannot
log in to RHEL5 sshd without relaxing "MACs". The server offers
"hmac-md5", "hmac-sha1", "hmac-ripemd160", "hmac-ripemd160@openssh.com",
"hmac-sha1-96", "hmac-md5-96". After eliminating the MD5-based algos
(MD5 is considered completely broken), and the one based on truncated
SHA1, we're left with "hmac-sha1", "hmac-ripemd160", and
"hmac-ripemd160@openssh.com". RIPEMD-160 is generally trusted, but it is
compiled out of the Fedora 35 "ssh" client binary. Therefore only
"hmac-sha1" remains.
- "HostKeyAlgorithms", "PubkeyAcceptedAlgorithms": these options control
the usage of public key algorithms, for authenticating the server to the
client, and vice versa, respectively. RHEL5 sshd only supports "ssh-rsa"
and "ssh-dss", and from those, "ssh-rsa" is more commonly used (for
example, "ssh-keygen" defaults to creating "ssh-rsa" keys). Recommend
"ssh-rsa".
- "PubkeyAcceptedKeyTypes": this is the old ("legacy") name for
"PubkeyAcceptedAlgorithms". As of this writing, the latest upstream
release of libssh (also packaged in Fedora 35 -- libssh-0.9.6-1.fc35)
does not recognize the new "PubkeyAcceptedAlgorithms" option name, only
the original "PubkeyAcceptedKeyTypes". openssh-8.7p1-3.fc35 recognizes
both option variants. Include "PubkeyAcceptedKeyTypes" in the
recommendation along with "PubkeyAcceptedAlgorithms", for backward and
forward compatbility.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2062360
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220711070157.5399-3-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit af4a0454cdd21bb5e86f2dbfaa153e83afca3988)
---
docs/virt-v2v-input-xen.pod | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/docs/virt-v2v-input-xen.pod b/docs/virt-v2v-input-xen.pod
index 80ad94f7..1775fc31 100644
--- a/docs/virt-v2v-input-xen.pod
+++ b/docs/virt-v2v-input-xen.pod
@@ -37,12 +37,22 @@ option is incomplete. Some operations remain that still require the
user to enter the password manually. Therefore ssh-agent is recommended
over the I<-ip> option. See L<https://bugzilla.redhat.com/1854275>.
-With some modern ssh implementations, legacy crypto policies required
-to interoperate with RHEL 5 sshd are disabled. To enable them you may
-need to run this command on the conversion server (ie. ssh client),
-but read L<update-crypto-policies(8)> first:
+With some modern ssh implementations, legacy crypto algorithms required
+to interoperate with RHEL 5 sshd are disabled. To enable them, you may
+need to add the following C<Host> stanza to your F<~/.ssh/config>:
- # update-crypto-policies --set LEGACY
+ Host xen.example.com
+ KexAlgorithms +diffie-hellman-group14-sha1
+ MACs +hmac-sha1
+ HostKeyAlgorithms +ssh-rsa
+ PubkeyAcceptedKeyTypes +ssh-rsa
+ PubkeyAcceptedAlgorithms +ssh-rsa
+
+(C<PubkeyAcceptedKeyTypes> and C<PubkeyAcceptedAlgorithms> have
+identical meaning; the former is the old option name, the latter is the
+new one. Virt-v2v uses both C<libssh> and C<ssh> when converting a guest
+from Xen, and on some operating systems, C<libssh> and C<ssh> may not
+both accept the same option variant.)
=head2 Test libvirt connection to remote Xen host

View File

@ -0,0 +1,172 @@
From ea881513e9c15b0a816d3ba4afe471ff2f591a03 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 14 Jul 2022 12:44:27 +0100
Subject: [PATCH] common: Adapt to renamed function On_exit.rmdir ->
On_exit.rm_rf
This function was renamed to make it clearer what it does (and that
it's potentially dangerous). The functionality is unchanged.
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 2eb6441264deb0411d36dabaf8fb2da9f07c8439)
---
common | 2 +-
input/OVA.ml | 2 +-
input/parse_domain_from_vmx.ml | 2 +-
lib/nbdkit.ml | 2 +-
lib/qemuNBD.ml | 2 +-
lib/utils.ml | 2 +-
output/python_script.ml | 2 +-
7 files changed, 7 insertions(+), 7 deletions(-)
Submodule common af6cb55b..fd964c1b:
diff --git a/common/mlcustomize/guest_packages.ml b/common/mlcustomize/guest_packages.ml
index 4c3c34ed..7c29a2ab 100644
--- a/common/mlcustomize/guest_packages.ml
+++ b/common/mlcustomize/guest_packages.ml
@@ -73,9 +73,9 @@ let install_command packages package_management =
| "zypper" -> sprintf "zypper -n in -l %s" quoted_args
| "unknown" ->
- error_unknown_package_manager (s_"--install")
+ error_unknown_package_manager "--install"
| pm ->
- error_unimplemented_package_manager (s_"--install") pm
+ error_unimplemented_package_manager "--install" pm
let update_command package_management =
match package_management with
@@ -103,9 +103,9 @@ let update_command package_management =
| "zypper" -> "zypper -n update -l"
| "unknown" ->
- error_unknown_package_manager (s_"--update")
+ error_unknown_package_manager "--update"
| pm ->
- error_unimplemented_package_manager (s_"--update") pm
+ error_unimplemented_package_manager "--update" pm
let uninstall_command packages package_management =
let quoted_args = String.concat " " (List.map quote packages) in
@@ -127,6 +127,6 @@ let uninstall_command packages package_management =
| "zypper" -> sprintf "zypper -n rm %s" quoted_args
| "unknown" ->
- error_unknown_package_manager (s_"--uninstall")
+ error_unknown_package_manager "--uninstall"
| pm ->
- error_unimplemented_package_manager (s_"--uninstall") pm
+ error_unimplemented_package_manager "--uninstall" pm
diff --git a/common/mltools/on_exit.ml b/common/mltools/on_exit.ml
index 53ccb68a..cae12e73 100644
--- a/common/mltools/on_exit.ml
+++ b/common/mltools/on_exit.ml
@@ -52,7 +52,7 @@ let do_actions () =
List.iter (do_action (fun file -> Unix.unlink file)) !files;
List.iter (do_action (
fun dir ->
- let cmd = sprintf "rm -rf %s" (Filename.quote dir) in
+ let cmd = sprintf "rm -rf -- %s" (Filename.quote dir) in
ignore (Tools_utils.shell_command cmd)
)
) !rmdirs;
@@ -102,7 +102,7 @@ let unlink filename =
register ();
List.push_front filename files
-let rmdir dir =
+let rm_rf dir =
register ();
List.push_front dir rmdirs
diff --git a/common/mltools/on_exit.mli b/common/mltools/on_exit.mli
index a02e3db3..9bcf104f 100644
--- a/common/mltools/on_exit.mli
+++ b/common/mltools/on_exit.mli
@@ -47,7 +47,7 @@ val f : (unit -> unit) -> unit
val unlink : string -> unit
(** Unlink a single temporary file on exit. *)
-val rmdir : string -> unit
+val rm_rf : string -> unit
(** Recursively remove a temporary directory on exit (using [rm -rf]). *)
val kill : ?signal:int -> int -> unit
diff --git a/input/OVA.ml b/input/OVA.ml
index 9e9c3712..09ceee98 100644
--- a/input/OVA.ml
+++ b/input/OVA.ml
@@ -78,7 +78,7 @@ let rec parse_ova ova =
else (
let tmpdir =
let t = Mkdtemp.temp_dir ~base_dir:large_tmpdir "ova." in
- On_exit.rmdir t;
+ On_exit.rm_rf t;
t in
match detect_file_type ova with
diff --git a/input/parse_domain_from_vmx.ml b/input/parse_domain_from_vmx.ml
index 947ca414..7aca2c24 100644
--- a/input/parse_domain_from_vmx.ml
+++ b/input/parse_domain_from_vmx.ml
@@ -375,7 +375,7 @@ and find_nics vmx =
let parse_domain_from_vmx vmx_source =
let tmpdir =
let t = Mkdtemp.temp_dir "vmx." in
- On_exit.rmdir t;
+ On_exit.rm_rf t;
t in
(* If the transport is SSH, fetch the file from remote, else
diff --git a/lib/nbdkit.ml b/lib/nbdkit.ml
index 07896684..1137b6bb 100644
--- a/lib/nbdkit.ml
+++ b/lib/nbdkit.ml
@@ -105,7 +105,7 @@ let add_filter_if_available cmd filter =
let run_unix socket cmd =
(* Create a temporary directory where we place the PID file. *)
let piddir = Mkdtemp.temp_dir "v2vnbdkit." in
- On_exit.rmdir piddir;
+ On_exit.rm_rf piddir;
let id = unique () in
let pidfile = piddir // sprintf "nbdkit%d.pid" id in
diff --git a/lib/qemuNBD.ml b/lib/qemuNBD.ml
index bbb65f41..c3dd1666 100644
--- a/lib/qemuNBD.ml
+++ b/lib/qemuNBD.ml
@@ -69,7 +69,7 @@ let run_unix socket { disk; snapshot; format; imgopts } =
(* Create a temporary directory where we place the PID file. *)
let piddir = Mkdtemp.temp_dir "v2vqemunbd." in
- On_exit.rmdir piddir;
+ On_exit.rm_rf piddir;
let id = unique () in
let pidfile = piddir // sprintf "qemunbd%d.pid" id in
diff --git a/lib/utils.ml b/lib/utils.ml
index 7116a4f9..84b9a93f 100644
--- a/lib/utils.ml
+++ b/lib/utils.ml
@@ -204,7 +204,7 @@ let error_if_no_ssh_agent () =
let create_v2v_directory () =
let d = Mkdtemp.temp_dir "v2v." in
chown_for_libvirt_rhbz_1045069 d;
- On_exit.rmdir d;
+ On_exit.rm_rf d;
d
(* Wait for a file to appear until a timeout. *)
diff --git a/output/python_script.ml b/output/python_script.ml
index 54ccd1b5..ecf46c2d 100644
--- a/output/python_script.ml
+++ b/output/python_script.ml
@@ -33,7 +33,7 @@ type script = {
let create ?(name = "script.py") code =
let tmpdir = Mkdtemp.temp_dir "v2v." in
- On_exit.rmdir tmpdir;
+ On_exit.rm_rf tmpdir;
let path = tmpdir // name in
with_open_out path (fun chan -> output_string chan code);
{ tmpdir; path }

View File

@ -0,0 +1,171 @@
From 0d92a42aab3fb0e7569294675666976724156128 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 14 Jul 2022 13:15:49 +0100
Subject: [PATCH] -o rhv: Unmount the temporary NFS mountpoint as late as
possible
To partially avoid a potential race against nbdkit or qemu-nbd
releasing files on the mountpoint before they exit, unmount as late as
we can.
See also https://bugzilla.redhat.com/show_bug.cgi?id=1953286#c26
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit e96357fc3b26aaf96eaa21afa36c894a27af6261)
---
common | 2 +-
output/output_rhv.ml | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
Submodule common fd964c1b..1000604f:
diff --git a/common/mltools/on_exit.ml b/common/mltools/on_exit.ml
index cae12e73..f8ef74e1 100644
--- a/common/mltools/on_exit.ml
+++ b/common/mltools/on_exit.ml
@@ -23,39 +23,39 @@ open Common_gettext.Gettext
open Unix
open Printf
-(* List of files to unlink. *)
-let files = ref []
+type action =
+ | Unlink of string (* filename *)
+ | Rm_rf of string (* directory *)
+ | Kill of int * int (* signal, pid *)
+ | Fn of (unit -> unit) (* generic function *)
-(* List of directories to remove. *)
-let rmdirs = ref []
-
-(* List of PIDs to kill. *)
-let kills = ref []
-
-(* List of functions to call. *)
-let fns = ref []
+(* List of (priority, action). *)
+let actions = ref []
(* Perform a single exit action, printing any exception but
* otherwise ignoring failures.
*)
-let do_action f arg =
- try f arg with exn -> debug "%s" (Printexc.to_string exn)
+let do_action action =
+ try
+ match action with
+ | Unlink file -> Unix.unlink file
+ | Rm_rf dir ->
+ let cmd = sprintf "rm -rf -- %s" (Filename.quote dir) in
+ ignore (Tools_utils.shell_command cmd)
+ | Kill (signal, pid) ->
+ kill pid signal
+ | Fn f -> f ()
+ with exn -> debug "%s" (Printexc.to_string exn)
(* Make sure the actions are performed only once. *)
let done_actions = ref false
-(* Perform the exit actions. *)
+(* Perform the exit actions in priority order (lowest prio first). *)
let do_actions () =
if not !done_actions then (
- List.iter (do_action (fun f -> f ())) !fns;
- List.iter (do_action (fun (signal, pid) -> kill pid signal)) !kills;
- List.iter (do_action (fun file -> Unix.unlink file)) !files;
- List.iter (do_action (
- fun dir ->
- let cmd = sprintf "rm -rf -- %s" (Filename.quote dir) in
- ignore (Tools_utils.shell_command cmd)
- )
- ) !rmdirs;
+ let actions = List.sort (fun (a, _) (b, _) -> compare a b) !actions in
+ let actions = List.map snd actions in
+ List.iter do_action actions
);
done_actions := true
@@ -94,18 +94,18 @@ let register () =
);
registered := true
-let f fn =
+let f ?(prio = 5000) fn =
register ();
- List.push_front fn fns
+ List.push_front (prio, Fn fn) actions
-let unlink filename =
+let unlink ?(prio = 5000) filename =
register ();
- List.push_front filename files
+ List.push_front (prio, Unlink filename) actions
-let rm_rf dir =
+let rm_rf ?(prio = 5000) dir =
register ();
- List.push_front dir rmdirs
+ List.push_front (prio, Rm_rf dir) actions
-let kill ?(signal = Sys.sigterm) pid =
+let kill ?(prio = 5000) ?(signal = Sys.sigterm) pid =
register ();
- List.push_front (signal, pid) kills
+ List.push_front (prio, Kill (signal, pid)) actions
diff --git a/common/mltools/on_exit.mli b/common/mltools/on_exit.mli
index 9bcf104f..66a85542 100644
--- a/common/mltools/on_exit.mli
+++ b/common/mltools/on_exit.mli
@@ -28,6 +28,12 @@
killing another process, so we provide simple
wrappers for those common actions here.
+ Actions can be ordered by setting the optional [?prio]
+ parameter in the range 0..9999. By default actions
+ have priority 5000. Lower numbered actions run first.
+ Higher numbered actions run last. So to have an action
+ run at the very end before exit you might use [~prio:9999]
+
Note this module registers signal handlers for
SIGINT, SIGQUIT, SIGTERM and SIGHUP. This means
that any program that links with mltools.cmxa
@@ -39,18 +45,20 @@
Your cleanup action might no longer run unless the
program calls {!Stdlib.exit}. *)
-val f : (unit -> unit) -> unit
+val f : ?prio:int -> (unit -> unit) -> unit
(** Register a function [f] which runs when the program exits.
Similar to [Stdlib.at_exit] but also runs if the program is
- killed with a signal that we can catch. *)
+ killed with a signal that we can catch.
-val unlink : string -> unit
+ [?prio] is the priority, default 5000. See the description above. *)
+
+val unlink : ?prio:int -> string -> unit
(** Unlink a single temporary file on exit. *)
-val rm_rf : string -> unit
+val rm_rf : ?prio:int -> string -> unit
(** Recursively remove a temporary directory on exit (using [rm -rf]). *)
-val kill : ?signal:int -> int -> unit
+val kill : ?prio:int -> ?signal:int -> int -> unit
(** Kill [PID] on exit. The signal sent defaults to [Sys.sigterm].
Use this with care since you can end up unintentionally killing
diff --git a/output/output_rhv.ml b/output/output_rhv.ml
index 8571e07b..15a2c14a 100644
--- a/output/output_rhv.ml
+++ b/output/output_rhv.ml
@@ -204,8 +204,8 @@ module RHV = struct
if run_command cmd <> 0 then
error (f_"mount command failed, see earlier errors.\n\nThis probably means you didn't specify the right %s path [-os %s], or else you need to rerun virt-v2v as root.") domain_class os;
- (* Make sure it is unmounted at exit. *)
- On_exit.f (
+ (* Make sure it is unmounted at exit, as late as possible (prio=9999) *)
+ On_exit.f ~prio:9999 (
fun () ->
let cmd = [ "umount"; mp ] in
ignore (run_command cmd);

View File

@ -0,0 +1,179 @@
From 96efdcf54c887ae88d54332df12a5f5dd962fd0a Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Fri, 15 Jul 2022 11:25:45 +0100
Subject: [PATCH] output: Permit output modes to wait on the local NBD server
Output.output_to_local_file is used by several output modes that write
to local files or devices. It launches an instance of qemu-nbd or
nbdkit connected to the local file.
Previously we unconditionally added an On_exit handler to kill the NBD
server. This is usually safe because nbdcopy --flush has guaranteed
that the data was written through to permanent storage, and so killing
the NBD server is just there to prevent orphaned processes.
However for output to RHV (-o rhv) we actually need the NBD server to
be cleaned up before we exit. See the analysis here:
https://bugzilla.redhat.com/show_bug.cgi?id=1953286#c26
Allow an alternate strategy of waiting for the NBD server to exit
during virt-v2v shutdown.
We only need this in virt-v2v so implement it here instead of pushing
it all the way into the On_exit module.
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit e2a1a7b4dfb6a9e44260da10a7e7029c09753b5c)
---
output/output.ml | 91 ++++++++++++++++++++++++++++-------------------
output/output.mli | 17 +++++++--
2 files changed, 69 insertions(+), 39 deletions(-)
diff --git a/output/output.ml b/output/output.ml
index 496c32b6..8f83a324 100644
--- a/output/output.ml
+++ b/output/output.ml
@@ -69,7 +69,10 @@ let error_if_disk_count_gt dir n =
if Sys.file_exists socket then
error (f_"this output module doesn't support copying more than %d disks") n
+type on_exit_kill = Kill | KillAndWait
+
let output_to_local_file ?(changeuid = fun f -> f ()) ?(compressed = false)
+ ?(on_exit_kill = Kill)
output_alloc output_format filename size socket =
(* Check nbdkit is installed and has the required plugin. *)
if not (Nbdkit.is_installed ()) then
@@ -94,46 +97,60 @@ let output_to_local_file ?(changeuid = fun f -> f ()) ?(compressed = false)
fun () -> g#disk_create ?preallocation filename output_format size
);
- match output_format with
- | "raw" ->
- let cmd = Nbdkit.create "file" in
- Nbdkit.add_arg cmd "file" filename;
- if Nbdkit.version nbdkit_config >= (1, 22, 0) then (
- let cmd = Nbdkit.add_arg cmd "cache" "none" in
- cmd
- );
- let _, pid = Nbdkit.run_unix socket cmd in
+ let pid =
+ match output_format with
+ | "raw" ->
+ let cmd = Nbdkit.create "file" in
+ Nbdkit.add_arg cmd "file" filename;
+ if Nbdkit.version nbdkit_config >= (1, 22, 0) then (
+ let cmd = Nbdkit.add_arg cmd "cache" "none" in
+ cmd
+ );
+ let _, pid = Nbdkit.run_unix socket cmd in
+ pid
- (* --exit-with-parent should ensure nbdkit is cleaned
- * up when we exit, but it's not supported everywhere.
- *)
- On_exit.kill pid
+ | "qcow2" ->
+ let cmd =
+ if compressed then (
+ let qemu_quote str = String.replace str "," ",," in
+ let image_opts = [ "driver=compress";
+ "file.driver=qcow2";
+ "file.file.driver=file";
+ "file.file.filename=" ^ qemu_quote filename ] in
+ let image_opts = String.concat "," image_opts in
+ let cmd = QemuNBD.create image_opts in
+ QemuNBD.set_image_opts cmd true;
+ cmd
+ )
+ else (* not compressed *) (
+ let cmd = QemuNBD.create filename in
+ QemuNBD.set_format cmd (Some "qcow2");
+ cmd
+ ) in
+ QemuNBD.set_snapshot cmd false;
+ let _, pid = QemuNBD.run_unix socket cmd in
+ pid
- | "qcow2" ->
- let cmd =
- if compressed then (
- let qemu_quote str = String.replace str "," ",," in
- let image_opts = [ "driver=compress";
- "file.driver=qcow2";
- "file.file.driver=file";
- "file.file.filename=" ^ qemu_quote filename ] in
- let image_opts = String.concat "," image_opts in
- let cmd = QemuNBD.create image_opts in
- QemuNBD.set_image_opts cmd true;
- cmd
- )
- else (* not compressed *) (
- let cmd = QemuNBD.create filename in
- QemuNBD.set_format cmd (Some "qcow2");
- cmd
- ) in
- QemuNBD.set_snapshot cmd false;
- let _, pid = QemuNBD.run_unix socket cmd in
- On_exit.kill pid
+ | _ ->
+ error (f_"output mode only supports raw or qcow2 format (format: %s)")
+ output_format in
+
+ match on_exit_kill with
+ | Kill ->
+ (* Kill the NBD server on exit. (For nbdkit we use --exit-with-parent
+ * but it's not supported everywhere).
+ *)
+ On_exit.kill pid
- | _ ->
- error (f_"output mode only supports raw or qcow2 format (format: %s)")
- output_format
+ | KillAndWait ->
+ On_exit.f (
+ fun () ->
+ kill pid Sys.sigterm;
+ (* Errors from the NBD server don't matter. On successful
+ * completion we've already committed the data to disk.
+ *)
+ ignore (waitpid [] pid)
+ )
let disk_path os name i =
let outdisk = sprintf "%s/%s-sd%s" os name (drive_name i) in
diff --git a/output/output.mli b/output/output.mli
index c1f0f53d..c4486311 100644
--- a/output/output.mli
+++ b/output/output.mli
@@ -83,14 +83,27 @@ val error_if_disk_count_gt : string -> int -> unit
"in[n]" in the v2v directory [dir]. If the socket exists, [error] is
called. *)
+type on_exit_kill = Kill | KillAndWait
+
val output_to_local_file : ?changeuid:((unit -> unit) -> unit) ->
- ?compressed:bool ->
+ ?compressed:bool -> ?on_exit_kill:on_exit_kill ->
Types.output_allocation ->
string -> string -> int64 -> string ->
unit
(** When an output mode wants to create a local file with a
particular format (only "raw" or "qcow2" allowed) then
- this common function can be used. *)
+ this common function can be used.
+
+ Optional parameter [?on_exit_kill] controls how the NBD server
+ is cleaned up. The default is {!Kill} which registers an
+ {!On_exit.kill} handler that kills (but does not wait for)
+ the server when virt-v2v exits. Most callers should use this.
+
+ Setting [~on_exit_kill:KillAndWait] should be used if the NBD
+ server must fully exit before we continue with the rest of
+ virt-v2v shut down. This is only necessary if some other action
+ (such as unmounting a host filesystem or removing a host device)
+ depends on the NBD server releasing resources. *)
val disk_path : string -> string -> int -> string
(** For [-o disk|qemu], return the output disk name of the i'th disk,

View File

@ -0,0 +1,33 @@
From f820585c37beb648ab856818179091349a604523 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Fri, 15 Jul 2022 11:37:46 +0100
Subject: [PATCH] -o rhv: Wait for the NBD server to exit to avoid a race with
unmounting
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1953286#c26
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 2fbd578b4e6884a23063ad67ee36f02c4eb6c668)
---
output/output_rhv.ml | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/output/output_rhv.ml b/output/output_rhv.ml
index 15a2c14a..45f831e3 100644
--- a/output/output_rhv.ml
+++ b/output/output_rhv.ml
@@ -175,7 +175,14 @@ module RHV = struct
chmod filename 0o666
)
in
- output_to_local_file ~changeuid
+
+ (* We have to wait for the NBD server to exit rather than just
+ * killing it, otherwise it races with unmounting. See:
+ * https://bugzilla.redhat.com/show_bug.cgi?id=1953286#c26
+ *)
+ let on_exit_kill = Output.KillAndWait in
+
+ output_to_local_file ~changeuid ~on_exit_kill
output_alloc output_format filename size socket
) (List.combine disks filenames);

View File

@ -0,0 +1,66 @@
From 29c6ee9322da082e3be9faa94cf4a6840b49cd97 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 22 Jul 2022 09:36:27 +0200
Subject: [PATCH] output/create_libvirt_xml: relax VCPU feature checking for
"qemu64"
When the source domain doesn't specify a VCPU model ("s_cpu_model" is
None), and the guest OS is assumed to work with the default VCPU model
("gcaps_default_cpu" is true), we don't output any <cpu> element. In that
case, libvirtd augments the domain config with:
[1] <cpu mode='custom' match='exact' check='none'>
<model fallback='forbid'>qemu64</model>
</cpu>
where the @check='none' attribute ensures that the converted domain will
be launched, for example, on an Intel host, despite the "qemu64" VCPU
model containing AMD-only feature flags such as "svm".
However, if the source domain explicitly specifies the "qemu64" model
(mostly seen with "-i libvirt -ic qemu://..."), we presently output
[2] <cpu match='minimum'>
<model fallback='allow'>qemu64</model>
</cpu>
which libvirtd completes as
[3] <cpu mode='custom' match='minimum' check='partial'>
<model fallback='allow'>qemu64</model>
</cpu>
In [3], cpu/@match='minimum' and cpu/model/@fallback='allow' are both
laxer than @match='exact' and @fallback='forbid', respectively, in [1].
However, cpu/@check='partial' in [3] is stricter than @check='none' in
[1]; it causes libvirtd to catch the "svm" feature flag on an Intel host,
and prevents the converted domain from starting.
The "qemu64" VCPU model is supposed to run on every possible host
<https://gitlab.com/qemu-project/qemu/-/blob/master/docs/system/cpu-models-x86.rst.inc>,
therefore make an exception for the explicitly specified "qemu64" VCPU
model, and generate the @check='none' attribute.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2107503
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220722073627.6511-1-lersek@redhat.com>
Acked-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit e5297c3180fd3ebea41a40f4c5a66969a24b9ff3)
---
output/create_libvirt_xml.ml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/output/create_libvirt_xml.ml b/output/create_libvirt_xml.ml
index 531a4f75..bd01304d 100644
--- a/output/create_libvirt_xml.ml
+++ b/output/create_libvirt_xml.ml
@@ -192,6 +192,8 @@ let create_libvirt_xml ?pool source inspect
List.push_back cpu_attrs ("mode", "host-passthrough");
| Some model ->
List.push_back cpu_attrs ("match", "minimum");
+ if model = "qemu64" then
+ List.push_back cpu_attrs ("check", "none");
(match source.s_cpu_vendor with
| None -> ()
| Some vendor ->

View File

@ -0,0 +1,59 @@
From 9e1c78a4dda8e8f504fd8f01d7ff5a02e6d3b8ff Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 29 Jul 2022 12:57:03 +0200
Subject: [PATCH] input-xen: cover RHEL9 OpenSSL crypto settings
In [master] commit af4a0454cdd2 ("input-xen: replace "enable LEGACY
crypto" advice with targeted ssh options", 2022-07-11), we documented how
the libssh / openssh crypto settings needed to be relaxed, for connecting
to RHEL5 sshd. [rhel-9.1 commit: 3f7f730ac9cb.]
It turns out that in RHEL9, the non-LEGACY crypto policies disable SHA1 in
signature algorithms even at the OpenSSL level. Explain how the user can
re-enable that separately, for individual virt-v2v invocations.
The method depends on Rich's libvirt commit 45912ac399ab ("rpc: Pass
OPENSSL_CONF through to ssh invocations", 2022-07-25), which is is going
to be released in upstream libvirt v8.6.0.
Thanks: Dmitry Belyavskiy & Rich Jones
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2062360
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220729105703.10150-1-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit ddab06d5eb99696f5fd1073b8ec91efbc8c3e4ab)
---
docs/virt-v2v-input-xen.pod | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/docs/virt-v2v-input-xen.pod b/docs/virt-v2v-input-xen.pod
index 1775fc31..9c3981e1 100644
--- a/docs/virt-v2v-input-xen.pod
+++ b/docs/virt-v2v-input-xen.pod
@@ -54,6 +54,26 @@ new one. Virt-v2v uses both C<libssh> and C<ssh> when converting a guest
from Xen, and on some operating systems, C<libssh> and C<ssh> may not
both accept the same option variant.)
+When connecting to RHEL 5 sshd from RHEL 9, the SHA1 algorithm's use in
+signatures has to be re-enabled at the OpenSSL level, in addition to the
+above SSH configuration. Create a file called F<$HOME/openssl-sha1.cnf>
+with the following contents:
+
+ .include /etc/ssl/openssl.cnf
+ [openssl_init]
+ alg_section = evp_properties
+ [evp_properties]
+ rh-allow-sha1-signatures = yes
+
+and export the following variable into the environment of the
+C<virt-v2v> process:
+
+ OPENSSL_CONF=$HOME/openssl-sha1.cnf
+
+Note that the C<OPENSSL_CONF> environment variable will only take effect
+if the libvirt client library used by virt-v2v is at least version
+8.6.0.
+
=head2 Test libvirt connection to remote Xen host
Use the L<virsh(1)> command to list the guests on the remote Xen host:

View File

@ -0,0 +1,46 @@
From 83fc438139c49ffae330d5caeece1e52bcb1d18e Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Fri, 5 Aug 2022 10:44:26 +0200
Subject: [PATCH] convert_linux: remove LVM2 "devices file"
A recent feature of LVM2 is the "devices file"
<https://man7.org/linux/man-pages/man8/lvmdevices.8.html>. It speeds up
LVM2 PV discovery on a normal system, but an old devices file in a
converted domain (with different hardware) can prevent the assembly of
volume groups.
In particular, when converting a physical system to a guest with virt-p2v,
the original system will have used "sys_wwid"-type identifiers in the LVM2
devices file, and those are guaranteed not to match any virtio-blk disks
in the output domain.
We've seen a similar issue in the past under RHBZ#1164853, so just extend
the same scrubbing with the new pathname.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2112801
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220805084426.9200-1-lersek@redhat.com>
Acked-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 8e4b732e8b4343c169c658338da53fb0ede7e512)
---
convert/convert_linux.ml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/convert/convert_linux.ml b/convert/convert_linux.ml
index a66ff1e4..2aaa438e 100644
--- a/convert/convert_linux.ml
+++ b/convert/convert_linux.ml
@@ -1402,11 +1402,11 @@ let convert (g : G.guestfs) source inspect keep_serial_console _ =
* device names. blkid will rebuild these on demand.
*
* Delete the LVM cache since it will contain references to the
- * old devices (RHBZ#1164853).
+ * old devices (RHBZ#1164853, RHBZ#2112801).
*)
List.iter g#rm_f [
"/etc/blkid/blkid.tab"; "/etc/blkid.tab";
- "/etc/lvm/cache/.cache"
+ "/etc/lvm/cache/.cache"; "/etc/lvm/devices/system.devices"
];
in

View File

@ -0,0 +1,48 @@
From 380fa6663e9b373d87e446fc03601e9e44f985f6 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Tue, 9 Aug 2022 19:09:08 +0100
Subject: [PATCH] convert: linux: Add support for Zstandard compressed kernel
modules
OpenSUSE uses *.ko.zst for kernel modules. This commit adds support
in the same way as the existing support for *.ko.xz. Note this
requires a corresponding change to libguestfs to support Zstandard
compression in the guestfs_file_architecture API:
https://github.com/libguestfs/libguestfs/commit/0e784824e82a88e522873fec5db1a11943d637ed
Reported-by: Xiaodai Wang
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2116811
(cherry picked from commit 315c016dbea899587649a4bbf1865390cb4e1d3c)
---
convert/linux_kernels.ml | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/convert/linux_kernels.ml b/convert/linux_kernels.ml
index 307de572..6e9d2bdd 100644
--- a/convert/linux_kernels.ml
+++ b/convert/linux_kernels.ml
@@ -65,8 +65,8 @@ let print_kernel_info chan prefix ki =
ki.ki_supports_isa_pvpanic ki.ki_supports_virtio_socket
ki.ki_is_xen_pv_only_kernel ki.ki_is_debug
-let rex_ko = PCRE.compile "\\.k?o(?:\\.xz)?$"
-let rex_ko_extract = PCRE.compile "/([^/]+)\\.k?o(?:\\.xz)?$"
+let rex_ko = PCRE.compile "\\.k?o(?:\\.(?:xz|zst))?$"
+let rex_ko_extract = PCRE.compile "/([^/]+)\\.k?o(?:\\.(?:xz|zst))?$"
let detect_kernels (g : G.guestfs) inspect family bootloader =
(* What kernel/kernel-like packages are installed on the current guest? *)
@@ -203,7 +203,11 @@ let detect_kernels (g : G.guestfs) inspect family bootloader =
let all_candidates = List.flatten (
List.map (
fun f ->
- [ "/" ^ f ^ ".o"; "/" ^ f ^ ".ko"; "/" ^ f ^ ".ko.xz" ]
+ [ "/" ^ f ^ ".o";
+ "/" ^ f ^ ".ko";
+ "/" ^ f ^ ".ko.xz";
+ "/" ^ f ^ ".ko.zst";
+ ]
) candidates
) in
let candidate =

View File

@ -0,0 +1,98 @@
From 7dd396af54df3f7563aa3a42b3c17547710aec67 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Wed, 17 Aug 2022 16:47:36 +0200
Subject: [PATCH] convert_linux: start the QEMU guest agent in a
distro-specific way
The current command "service <package-name> start" does not apply to
RHEL-6; the service name ("qemu-ga") differs from the package name
("qemu-guest-agent") there.
Overhaul the logic -- detach the command from the package name; cover the
RHEL, ALT, SUSE and Debian families separately. Remove the "chkconfig"
command, as in all tested / investigated cases, it is unnecessary.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2028764
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20220817144736.18850-1-lersek@redhat.com>
Acked-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit ad2b4f2e50950a5798a75359badb526290aa92e7)
---
convert/convert_linux.ml | 56 ++++++++++++++++++++++++++++------------
1 file changed, 40 insertions(+), 16 deletions(-)
diff --git a/convert/convert_linux.ml b/convert/convert_linux.ml
index 2aaa438e..b8e9ad15 100644
--- a/convert/convert_linux.ml
+++ b/convert/convert_linux.ml
@@ -66,6 +66,34 @@ let convert (g : G.guestfs) source inspect keep_serial_console _ =
| _ -> None
in
+ let qga_svc_start_cmd family distro major =
+ match family, distro, major with
+ | `RHEL_family, ( "rhel" | "centos" | "scientificlinux" | "redhat-based" |
+ "oraclelinux" ), 6 ->
+ (* https://bugzilla.redhat.com/show_bug.cgi?id=2028764#c52 *)
+ Some "service qemu-ga start"
+
+ | `RHEL_family, _, _ ->
+ (* https://bugzilla.redhat.com/show_bug.cgi?id=2028764#c52 *)
+ Some "systemctl start qemu-guest-agent"
+
+ | `ALT_family, _, _ ->
+ (* https://bugzilla.redhat.com/show_bug.cgi?id=2028764#c45 *)
+ Some "systemctl start qemu-guest-agent"
+
+ | `SUSE_family, _, _ ->
+ (* https://bugzilla.redhat.com/show_bug.cgi?id=2028764#c51 *)
+ None
+
+ | `Debian_family, _, _ ->
+ (* https://bugzilla.redhat.com/show_bug.cgi?id=2028764#c42 *)
+ Some "service qemu-guest-agent start"
+
+ | _ ->
+ (* should never be called when "qga_pkg_of_family" returns None *)
+ assert false
+ in
+
assert (inspect.i_package_format = "rpm" || inspect.i_package_format = "deb");
(* Fail early if i_apps is empty. Certain steps such as kernel
@@ -615,23 +643,19 @@ let convert (g : G.guestfs) source inspect keep_serial_console _ =
\ \ rm -f %s\n\
fi\n" selinux_enforcing selinux_enforcing);
- (* Start the agent now and at subsequent boots. The following
- * commands should work on both sysvinit distros / distro versions
- * (regardless of "/etc/rc.d/" vs. "/etc/init.d/" being the scheme
- * in use) and systemd distros (via redirection to systemctl).
- *
- * On distros where the chkconfig command is redirected to
- * systemctl, the chkconfig command is likely superfluous. That's
- * because on systemd distros, the QGA package comes with such
- * runtime dependencies / triggers that the presence of the
- * virtio-serial port named "org.qemu.guest_agent.0" automatically
- * starts the agent during (second and later) boots. However, even
- * on such distros, the chkconfig command should do no harm.
+ (* On all the distro families covered by "qga_pkg_of_family" and
+ * "qga_svc_start_cmd", the QEMU guest agent service is always
+ * enabled by package installation for *subsequent* boots. Package
+ * installation may or may not enable the service for the current
+ * (i.e., first) boot, however, so try that here manually.
*)
- fbs "start qga"
- (sprintf "#!/bin/sh\n\
- service %s start\n\
- chkconfig %s on\n" qga_pkg qga_pkg)
+ match qga_svc_start_cmd family inspect.i_distro inspect.i_major_version
+ with
+ | None -> ()
+ | Some start_cmd ->
+ fbs "start qga"
+ (sprintf "#!/bin/sh\n\
+ %s\n" start_cmd)
with
| Guest_packages.Unknown_package_manager msg
| Guest_packages.Unimplemented_package_manager msg ->

View File

@ -7,7 +7,7 @@ set -e
# ./copy-patches.sh
project=virt-v2v
rhel_version=9.0.0
rhel_version=9.1
# Check we're in the right directory.
if [ ! -f $project.spec ]; then
@ -36,7 +36,12 @@ git rm -f [0-9]*.patch ||:
rm -f [0-9]*.patch
# Get the patches.
(cd $git_checkout; rm -f [0-9]*.patch; git -c core.abbrev=8 format-patch -O/dev/null --subject-prefix=PATCH -N --submodule=diff $tag)
(
cd $git_checkout
rm -f [0-9]*.patch
git -c core.abbrev=8 format-patch -O/dev/null --subject-prefix=PATCH -N \
--submodule=diff --no-signature --patience $tag
)
mv $git_checkout/[0-9]*.patch .
# Remove any not to be applied.

View File

@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAmIL8EkRHHJpY2hAYW5u
ZXhpYS5vcmcACgkQkXOPc+G3aKCSExAAiEWAd+WvG8cf33xrDzAERh3Hg/E89iTv
P0Ue9HEWFb4yLEKckW7WjagDxrdBdf7VBkBY2wgkkUVq0o4bWhQVWEKPfgWXdiJC
5sE4wO4trCQDCyZLB/iSiH85oQVf839Jbk04qHWUU7DXsE6apL1LMi2xRUlMPRTf
6hZVe9WIjlKonzuteQslqVHKVhTZmqkr1NTkYq0OhCHFzMpb1xi0JQni9vKXIaSN
4vvaDXBzBZW+00iux1PE/Age9QC3AkSESF95Uqx6nYSF98aBEG+3ErcUkMXxL8+i
c6RYwqFC2oINEPHg46dZtZyAiJNVY4H7hAM1DDe47tFWvmLEIEgyS5XkPfdfReoX
vVheS+cn6uRbSGeG1iF2ru8ehb+uscatwFc9eWsvoQ10Mt477R7VoG6gTYfIAwP8
hy5gCgyhlT9t1KKp/39UK4WIwSbIOl6vXH2Kpzam0wKb8xynHYU4cyvk4TGZk+ks
+a63+98ZYeL3hBHAIe2u1wDmgdbVSfvIcK7TEzFTPesAm2WqhkC08CPfinS9vCUI
VogUpze9+zHZaSBWHCPhfUBpUNF6tGvLRlH0B/ml/6E8csSQ+kT8CWl0ZGvJuNfB
es8QiAT5XXXTrNgAw782xZOP6aieNrnoNY0J7rFaAbL1OaIXC21lGWAPSZeCOOo/
PRaJqt5iaDA=
=okD+
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
iQJFBAABCAAvFiEE93dPsa0HSn6Mh2fqkXOPc+G3aKAFAmLFq4sRHHJpY2hAYW5u
ZXhpYS5vcmcACgkQkXOPc+G3aKCdDg/+LQr8ro5P9iKSDRNwLJ4jHmoXOqZVkSqO
KHk+kHuqFwSruEHxVGZwf9jYBNOuGD9K1d6AFWfYbRS2jEZpiA22ZX1Ym67PF5Fp
dw72BmWHBOzJ8YO6vauvpaRNLPypSgr3RwJUPlRYw847MFDrn71EVOBv7dqwVp0q
LqBk1wj/M3wKVV2DL8u0JE+CArSmqYSCCnyl2oq0VfIlhYbPQ4iprqTr5HWdd2fs
Mc0JkQiuYLoV3V7MP8U0qncktABZ/6gNuTSiUAsWLGSLaH67MNEfqjF4OyEU95cA
qivB53LEIebIAO07E9bLeFeXx7WLZsPI3Ms5m+aFWqjCLHl7h0qarHsrMMe+SBI6
aSK+BzPzVHfzrqGRnL+95EQI0Vw9g5yLkxkm69KYGbukMulFdGgI24cGqHKEFadu
NbrSE/6ydkdKS8NGKeyM+Y5RMoWh379nQcksj8dB6Vv2NV31KQvde9mFxnV92FOn
1gYbIRwKPM1cc3VF6E3qlmIuBq59vagsJ/rcKg8fe8LNpNiOfi+Cmk8gYs9WuDFH
/RWCYd3XMWxYQ5ZGi3rCVw4ijZbdHGwc1+sH9/ExLGDVuUJQfJ0fpdjR4mYnghav
tFKc6EjxJknCR7D4HahVdzFbT/XrD0KpQ5JxToLDA3o7ecPJ42ExfKL53OwYjM/t
LUUDntYK6sk=
=Grra
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,4 @@
%undefine _package_note_flags
# If we should verify tarball signature with GPGv2.
%global verify_tarball_signature 1
@ -10,12 +11,12 @@
%endif
# The source directory.
%global source_directory 1.45-development
%global source_directory 2.0-stable
Name: virt-v2v
Epoch: 1
Version: 1.45.99
Release: 2%{?dist}
Version: 2.0.7
Release: 6%{?dist}
Summary: Convert a virtual machine to run on KVM
License: GPLv2+
@ -31,6 +32,42 @@ Source2: libguestfs.keyring
# Maintainer script which helps with handling patches.
Source3: copy-patches.sh
# Patches.
Patch0001: 0001-RHEL-v2v-Select-correct-qemu-binary-for-o-qemu-mode-.patch
Patch0002: 0002-RHEL-v2v-Disable-the-qemu-boot-oo-qemu-boot-option-R.patch
Patch0003: 0003-RHEL-Fix-list-of-supported-sound-cards-to-match-RHEL.patch
Patch0004: 0004-RHEL-Fixes-for-libguestfs-winsupport.patch
Patch0005: 0005-RHEL-v2v-i-disk-force-VNC-as-display-RHBZ-1372671.patch
Patch0006: 0006-RHEL-v2v-do-not-mention-SUSE-Xen-hosts-RHBZ-1430203.patch
Patch0007: 0007-RHEL-point-to-KB-for-supported-v2v-hypervisors-guest.patch
Patch0008: 0008-RHEL-Disable-o-glance.patch
Patch0009: 0009-RHEL-Remove-the-in-place-option.patch
Patch0010: 0010-output-Remove-o-json-mode.patch
Patch0011: 0011-output-Remove-unused-dummy.c.patch
Patch0012: 0012-adopt-inversion-of-SELinux-relabeling-in-virt-custom.patch
Patch0013: 0013-output-create_libvirt_xml-wire-up-the-QEMU-guest-age.patch
Patch0014: 0014-convert_linux-extract-qemu-guest-agent-package-name.patch
Patch0015: 0015-convert_linux-install-the-QEMU-guest-agent-with-a-fi.patch
Patch0016: 0016-RHV-outputs-limit-copied-disk-count-to-23.patch
Patch0017: 0017-convert-document-networking-dependency-of-key-ID-cle.patch
Patch0018: 0018-qemu-nbd-Implement-output-compression-for-qcow2-file.patch
Patch0019: 0019-o-disk-o-libvirt-o-qemu-Implement-of-qcow2-oo-compre.patch
Patch0020: 0020-tests-Add-a-simple-test-of-o-local-of-qcow2-oo-compr.patch
Patch0021: 0021-RHEL-9-oo-compressed-Remove-nbdcopy-version-check-an.patch
Patch0022: 0022-RHEL-9-tests-Remove-btrfs-test.patch
Patch0023: 0023-convert-convert_linux-complete-the-remapping-of-NVMe.patch
Patch0024: 0024-input-xen-sync-ip-limitations-language-from-input-vm.patch
Patch0025: 0025-input-xen-replace-enable-LEGACY-crypto-advice-with-t.patch
Patch0026: 0026-common-Adapt-to-renamed-function-On_exit.rmdir-On_ex.patch
Patch0027: 0027-o-rhv-Unmount-the-temporary-NFS-mountpoint-as-late-a.patch
Patch0028: 0028-output-Permit-output-modes-to-wait-on-the-local-NBD-.patch
Patch0029: 0029-o-rhv-Wait-for-the-NBD-server-to-exit-to-avoid-a-rac.patch
Patch0030: 0030-output-create_libvirt_xml-relax-VCPU-feature-checkin.patch
Patch0031: 0031-input-xen-cover-RHEL9-OpenSSL-crypto-settings.patch
Patch0032: 0032-convert_linux-remove-LVM2-devices-file.patch
Patch0033: 0033-convert-linux-Add-support-for-Zstandard-compressed-k.patch
Patch0034: 0034-convert_linux-start-the-QEMU-guest-agent-in-a-distro.patch
%if !0%{?rhel}
# libguestfs hasn't been built on i686 for a while since there is no
# kernel built for this architecture any longer and libguestfs rather
@ -48,47 +85,28 @@ ExcludeArch: %{ix86}
ExclusiveArch: x86_64
%endif
# Downstream (RHEL-only) patches.
%if 0%{?rhel}
# Patches.
Patch0001: 0001-RHEL-v2v-Select-correct-qemu-binary-for-o-qemu-mode-.patch
Patch0002: 0002-RHEL-v2v-Disable-the-qemu-boot-oo-qemu-boot-option-R.patch
Patch0003: 0003-RHEL-Fix-list-of-supported-sound-cards-to-match-RHEL.patch
Patch0004: 0004-RHEL-Fixes-for-libguestfs-winsupport.patch
Patch0005: 0005-RHEL-v2v-i-disk-force-VNC-as-display-RHBZ-1372671.patch
Patch0006: 0006-RHEL-v2v-do-not-mention-SUSE-Xen-hosts-RHBZ-1430203.patch
Patch0007: 0007-RHEL-point-to-KB-for-supported-v2v-hypervisors-guest.patch
Patch0008: 0008-RHEL-Disable-o-glance.patch
Patch0009: 0009-RHEL-Remove-the-in-place-option.patch
Patch0010: 0010-lib-Remove-Utils.metaversion.patch
Patch0011: 0011-lib-v2v-Move-common-code-for-creating-v2v-directory-.patch
Patch0012: 0012-v2v-Move-creation-of-v2v-directory-until-after-optio.patch
Patch0013: 0013-lib-nbdkit.ml-Correct-copy-paste-error-in-comment.patch
Patch0014: 0014-lib-Improve-security-of-in-out-sockets-when-running-.patch
Patch0015: 0015-nbdkit-qemuNBD-run_unix-formally-require-externally-.patch
%endif
%if 0%{patches_touch_autotools}
BuildRequires: autoconf, automake, libtool
%endif
BuildRequires: git
BuildRequires: make
BuildRequires: /usr/bin/pod2man
BuildRequires: gcc
BuildRequires: ocaml >= 4.01
BuildRequires: ocaml >= 4.04
BuildRequires: libguestfs-devel >= 1:1.42
BuildRequires: libguestfs-devel >= 1:1.44
BuildRequires: augeas-devel
BuildRequires: bash-completion
BuildRequires: file-devel
BuildRequires: gettext-devel
BuildRequires: jansson-devel
BuildRequires: libnbd-devel >= 1.10.3
BuildRequires: libnbd-devel
BuildRequires: libosinfo-devel
BuildRequires: libvirt-daemon-kvm
BuildRequires: libvirt-devel
BuildRequires: libxml2-devel
BuildRequires: pcre-devel
BuildRequires: pcre2-devel
BuildRequires: perl(Sys::Guestfs)
BuildRequires: po4a
BuildRequires: /usr/bin/virsh
@ -109,7 +127,7 @@ BuildRequires: nbdkit-python-plugin
BuildRequires: gnupg2
%endif
Requires: libguestfs%{?_isa} >= 1:1.42
Requires: libguestfs%{?_isa} >= 1:1.48.4-2.el9
Requires: guestfs-tools >= 1.42
# XFS is the default filesystem in Fedora and RHEL.
@ -136,12 +154,16 @@ Requires: edk2-ovmf
Requires: edk2-aarch64
%endif
%if !0%{?rhel}
Requires: python3
%else
Requires: platform-python
Requires: libnbd >= 1.8.2-2.el9
%endif
Requires: libnbd >= 1.12.4-2.el9
Requires: %{_bindir}/qemu-nbd
Requires: %{_bindir}/nbdcopy
Requires: %{_bindir}/nbdinfo
Requires: nbdkit-server >= 1.28.3-2.el9
Requires: nbdkit-server >= 1.28.3-1.el9
Requires: nbdkit-curl-plugin
Requires: nbdkit-file-plugin
Requires: nbdkit-nbd-plugin
@ -153,9 +175,9 @@ Requires: nbdkit-vddk-plugin
%endif
Requires: nbdkit-blocksize-filter
Requires: nbdkit-cacheextents-filter
Requires: nbdkit-cow-filter >= 1.26.5-1.el9
Requires: nbdkit-cow-filter >= 1.28.3-1.el9
Requires: nbdkit-multi-conn-filter
Requires: nbdkit-rate-filter
Requires: nbdkit-readahead-filter
Requires: nbdkit-retry-filter
# For rhsrvany.exe, used to install firstboot scripts in Windows guests.
@ -213,7 +235,7 @@ for %{name}.
%if 0%{verify_tarball_signature}
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%endif
%autosetup -p1
%autosetup -p1 -S git
%if 0%{patches_touch_autotools}
autoreconf -i
@ -237,13 +259,21 @@ make V=1 %{?_smp_mflags}
# Delete libtool crap.
find $RPM_BUILD_ROOT -name '*.la' -delete
# Virt-tools data directory. This contains a symlink to rhsrvany.exe
# which is satisfied by the dependency on mingw32-srvany.
# Virt-tools data directory. This contains symlinks to rhsrvany.exe
# and pnp_wait.exe which are satisfied by the dependency on
# mingw32-srvany.
mkdir -p $RPM_BUILD_ROOT%{_datadir}/virt-tools
pushd $RPM_BUILD_ROOT%{_datadir}/virt-tools
ln -sf /usr/i686-w64-mingw32/sys-root/mingw/bin/rhsrvany.exe
ln -sf ../../i686-w64-mingw32/sys-root/mingw/bin/rhsrvany.exe
ln -sf ../../i686-w64-mingw32/sys-root/mingw/bin/pnp_wait.exe
popd
%if 0%{?rhel}
# On RHEL remove virt-v2v-in-place.
rm $RPM_BUILD_ROOT%{_bindir}/virt-v2v-in-place
rm $RPM_BUILD_ROOT%{_mandir}/man1/virt-v2v-in-place.1*
%endif
# Find locale files.
%find_lang %{name}
@ -280,14 +310,21 @@ popd
%license COPYING
%doc README
%{_bindir}/virt-v2v
%if !0%{?rhel}
%{_bindir}/virt-v2v-in-place
%endif
%{_mandir}/man1/virt-v2v.1*
%{_mandir}/man1/virt-v2v-hacking.1*
%{_mandir}/man1/virt-v2v-input-vmware.1*
%{_mandir}/man1/virt-v2v-input-xen.1*
%if !0%{?rhel}
%{_mandir}/man1/virt-v2v-in-place.1*
%endif
%{_mandir}/man1/virt-v2v-output-local.1*
%{_mandir}/man1/virt-v2v-output-openstack.1*
%{_mandir}/man1/virt-v2v-output-rhv.1*
%{_mandir}/man1/virt-v2v-release-notes-1.42.1*
%{_mandir}/man1/virt-v2v-release-notes-2.0.1*
%{_mandir}/man1/virt-v2v-support.1*
%{_datadir}/virt-tools
@ -308,9 +345,77 @@ popd
%changelog
* Wed Mar 23 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.45.99-2
* Thu Aug 18 2022 Laszlo Ersek <lersek@redhat.com> - 1:2.0.7-6
- Install qemu-ga package during conversion
resolves: rhbz#2028764
* Wed Aug 10 2022 Richard W.M. Jones <rjones@redhat.com> - 1:2.0.7-5
- Remove LVM2 "devices file" during conversion
resolves: rhbz#2112801
- Add support for Zstandard compressed kernel modules
resolves: rhbz#2116811
* Fri Jul 29 2022 Laszlo Ersek <lersek@redhat.com> - 1:2.0.7-4
- Remove legacy crypto advice and replace with targeted mechanism
resolves: rhbz#2062360
* Mon Jul 25 2022 Laszlo Ersek <lersek@redhat.com> - 1:2.0.7-3
- relax qemu64 VCPU feature checking in the libvirt output
resolves rhbz#2107503
* Fri Jul 15 2022 Richard W.M. Jones <rjones@redhat.com> - 1:2.0.7-2
- Rebase to stable branch version 2.0.7
resolves: rhbz#2059287, rhbz#1658126, rhbz#1788823, rhbz#1854275
- Fix openssh-clients dependency
resolves: rhbz#2064178
- Fix security issue when running virt-v2v as root
resolves: rhbz#2066775
resolves: rhbz#2066773
- Remove -o json mode
resolves: rhbz#2074026
- Allow conversion of guests with NVMe drives from VMX files
resolves: rhbz#2070530
- Cleanly reject guests with snapshots when using -it ssh
resolves: rhbz#1774386
- Document that vmx+ssh "-ip" auth doesn't cover ssh / scp shell commands
resolves: rhbz#1854275
- Fix conversion if swap partition isn't encrypted with root directory
resolves: rhbz#1658128
- Document permissions when importing OVA using RHV UI
resolves: rhbz#2039597
- Multiple fixes for -o qemu mode
resolves: rhbz#2074805
- Work around blocking bug in OpenStack
resolves: rhbz#2074801
- If multiple open-vm-tools packages are installed, remove all (2076436)
- For -o rhv-upload wait for VM creation task
resolves: rhbz#1985830
- For -i vmx add full support for SATA hard disks
resolves: rhbz#1883802
- Fix booting of RHEL 9.1 guests after conversion
resolves: rhbz#2076013
- Fix -o qemu warning
resolves: rhbz#2082603
- If listing RPM applications fails, rebuild DB and retry (2089623)
- Document -i vmx -it ssh percent encoding in ssh URIs
resolves: rhbz#1938954
- Document extra permissions needed for VMware 7 (1817050)
- Remove osprober devices left around by grub2
resolves: rhbz#2003503
- Add Requires python3 / platform-python
resolves: rhbz#2094779
- Fix CVE-2022-2211 Denial of Service in --key parameter
resolves: rhbz#2102719
- Add -oo compressed support
resolves: rhbz#2047660
- Limit the maximum of disks per guest
resolves: rhbz#2051564
- Add support for LUKS encrypted guests using Clevis & Tang
resolves: rhbz#1809453
- Fix remapping of nvme devices in /boot/grub2/device.map
resolves: rhbz#2101665
- Improve documentation of vmx+ssh and -ip option
resolves: rhbz#1854275
- Fix race condition when unmounting in -o rhv mode (1953286#c26)
* Tue Feb 15 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.45.99-1
- Rebase to upstream 1.45.99.