113 lines
4.3 KiB
Diff
113 lines
4.3 KiB
Diff
From 0210e940c9bd7bbfda9654feea13cb3baccb1a00 Mon Sep 17 00:00:00 2001
|
|
From: "Richard W.M. Jones" <rjones@redhat.com>
|
|
Date: Tue, 1 Feb 2022 09:54:06 +0000
|
|
Subject: [PATCH] input: Require -ip password for vCenter over HTTPS
|
|
|
|
As far as I've ever seen, you always need a password to access the
|
|
/folder directory of a VMware server. If the password isn't specified
|
|
to virt-v2v using the -ip option then it used to try to ask for it
|
|
interactively when virt-v2v started. Actually it asked for the
|
|
password several times -- at least twice.
|
|
|
|
After we added the cookie-script feature (commit 2b9a11743b "v2v:
|
|
vcenter: Implement cookie scripts.") it tries to ask interactively at
|
|
random points during the conversion, which is obviously bad from a UI
|
|
point of view but also because the password is requested without a
|
|
prompt looks like a hang.
|
|
|
|
We could solve this by prompting for a password. But virt-v2v is not
|
|
primarily an interactive tool and it's an easier fix is to require the
|
|
caller to use the -ip passwordfile option (in this particular mode).
|
|
|
|
Reported-by: Xinyu Li
|
|
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1960087
|
|
(cherry picked from commit 8abc07a8589a48c79cc65159640e0d8ab3c9b261)
|
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
|
---
|
|
docs/virt-v2v-input-vmware.pod | 12 ++++++++++++
|
|
input/input_vcenter_https.ml | 12 +++++++++---
|
|
2 files changed, 21 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/docs/virt-v2v-input-vmware.pod b/docs/virt-v2v-input-vmware.pod
|
|
index d0a3f742..584eba38 100644
|
|
--- a/docs/virt-v2v-input-vmware.pod
|
|
+++ b/docs/virt-v2v-input-vmware.pod
|
|
@@ -24,6 +24,7 @@ virt-v2v-input-vmware - Using virt-v2v to convert guests from VMware
|
|
|
|
virt-v2v
|
|
-ic 'vpx://root@vcenter.example.com/Datacenter/esxi?no_verify=1'
|
|
+ -ip passwordfile
|
|
"GUEST NAME" [-o* options]
|
|
|
|
=head1 DESCRIPTION
|
|
@@ -389,6 +390,9 @@ will need to URI-escape that character using C<%5c>: C<DOMAIN%5cUSER>
|
|
(5c is the hexadecimal ASCII code for backslash.) Other punctuation
|
|
may also have to be escaped.
|
|
|
|
+The user's password must be supplied in a local file using the
|
|
+separate I<-ip> parameter.
|
|
+
|
|
=item C<server>
|
|
|
|
is the vCenter Server (I<not> hypervisor).
|
|
@@ -472,11 +476,19 @@ B<If the above commands do not work, then virt-v2v is not going to
|
|
work either>. Fix your libvirt configuration and/or your VMware
|
|
vCenter Server before continuing.
|
|
|
|
+=head2 vCenter: Supplying the password
|
|
+
|
|
+The vCenter password (usually for the root account, or the account
|
|
+specified by C<user@> in the vpx URL) has to be written to a local
|
|
+file, and the name of that file specified on the virt-v2v command line
|
|
+using I<-ip passwordfile>.
|
|
+
|
|
=head2 vCenter: Importing a guest
|
|
|
|
To import a particular guest from vCenter Server, do:
|
|
|
|
$ virt-v2v -ic 'vpx://root@vcenter.example.com/Datacenter/esxi?no_verify=1' \
|
|
+ -ip passwordfile \
|
|
"Windows 2003" \
|
|
-o local -os /var/tmp
|
|
|
|
diff --git a/input/input_vcenter_https.ml b/input/input_vcenter_https.ml
|
|
index bcefed16..fd5b4017 100644
|
|
--- a/input/input_vcenter_https.ml
|
|
+++ b/input/input_vcenter_https.ml
|
|
@@ -53,6 +53,13 @@ let rec vcenter_https_source dir options args =
|
|
| _ ->
|
|
error (f_"-i libvirt: expecting a libvirt guest name on the command line") in
|
|
|
|
+ (* -ip is required in this mode, see RHBZ#1960087 *)
|
|
+ let password_file =
|
|
+ match options.input_password with
|
|
+ | Some file -> file
|
|
+ | None ->
|
|
+ error (f_"-i libvirt: expecting -ip passwordfile parameter for vCenter connection") in
|
|
+
|
|
(* -ic must be set and it must contain a server. This is
|
|
* enforced by virt-v2v.
|
|
*)
|
|
@@ -76,8 +83,7 @@ let rec vcenter_https_source dir options args =
|
|
|
|
(* Connect to the hypervisor. *)
|
|
let conn =
|
|
- let auth = Libvirt_utils.auth_for_password_file
|
|
- ?password_file:options.input_password () in
|
|
+ let auth = Libvirt_utils.auth_for_password_file ~password_file () in
|
|
Libvirt.Connect.connect_auth ~name:input_conn auth in
|
|
|
|
(* Parse the libvirt XML. *)
|
|
@@ -109,7 +115,7 @@ let rec vcenter_https_source dir options args =
|
|
let cor = dir // "convert" in
|
|
let pid = VCenter.start_nbdkit_for_path
|
|
?bandwidth:options.bandwidth
|
|
- ~cor ?password_file:options.input_password
|
|
+ ~cor ~password_file
|
|
dcPath uri server path socket in
|
|
On_exit.kill pid
|
|
) disks;
|
|
--
|
|
2.19.1.3.g30247aa5d201
|
|
|