Laszlo Ersek
2022-Feb-17 14:56 UTC
[Libguestfs] [v2v PATCH] docs: highlight that "-ip" with vmx+ssh still requires user interaction
The functions "remote_file_exists" and "scp_from_remote_to_temporary" [input/parse_domain_from_vmx.ml] rely on "ssh" and "scp" shell commands, which intentionally only take a password from a tty. This means that for vmx+ssh, "-ip" is incomplete. Completing the feature would require a lot of work; we'd have to reimplement "remote_file_exists" and "scp_from_remote_to_temporary" in C, using libssh (an sftp session). For "remote_file_exists", we'd have to replace "test -f" with sftp_lstat(). For "scp_from_remote_to_temporary", we'd need to write an SFTP download loop. vmx+ssh is too niche for this, so let's just document the limitation. Extends: 784be60842d088596d7af938f90c689083677dca Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1854275 Signed-off-by: Laszlo Ersek <lersek at redhat.com> --- docs/virt-v2v-input-vmware.pod | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/virt-v2v-input-vmware.pod b/docs/virt-v2v-input-vmware.pod index f13861339034..599a45cbfb63 100644 --- a/docs/virt-v2v-input-vmware.pod +++ b/docs/virt-v2v-input-vmware.pod @@ -139,6 +139,11 @@ virt-v2v server to the ESXi hypervisor. For example: $ ssh root at esxi.example.com [ logs straight into the shell, no password is requested ] +Note that support for non-interactive authentication via the I<-ip> +option is incomplete. Some operations remain that still require the +user to enter the password manually. Therefore ssh-agent is recommended +over the I<-ip> option. + =head3 VMX: Construct the SSH URI When using the SSH input transport you must specify a remote base-commit: f77770eed0e3f1b5e45b63e644b2b0279bf8d420 -- 2.19.1.3.g30247aa5d201
Richard W.M. Jones
2022-Feb-17 15:05 UTC
[Libguestfs] [v2v PATCH] docs: highlight that "-ip" with vmx+ssh still requires user interaction
On Thu, Feb 17, 2022 at 03:56:38PM +0100, Laszlo Ersek wrote:> The functions "remote_file_exists" and "scp_from_remote_to_temporary" > [input/parse_domain_from_vmx.ml] rely on "ssh" and "scp" shell commands, > which intentionally only take a password from a tty. This means that for > vmx+ssh, "-ip" is incomplete. > > Completing the feature would require a lot of work; we'd have to > reimplement "remote_file_exists" and "scp_from_remote_to_temporary" in C, > using libssh (an sftp session). For "remote_file_exists", we'd have to > replace "test -f" with sftp_lstat(). For "scp_from_remote_to_temporary", > we'd need to write an SFTP download loop. vmx+ssh is too niche for this, > so let's just document the limitation. > > Extends: 784be60842d088596d7af938f90c689083677dca > Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1854275 > Signed-off-by: Laszlo Ersek <lersek at redhat.com> > --- > docs/virt-v2v-input-vmware.pod | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/docs/virt-v2v-input-vmware.pod b/docs/virt-v2v-input-vmware.pod > index f13861339034..599a45cbfb63 100644 > --- a/docs/virt-v2v-input-vmware.pod > +++ b/docs/virt-v2v-input-vmware.pod > @@ -139,6 +139,11 @@ virt-v2v server to the ESXi hypervisor. For example: > $ ssh root at esxi.example.com > [ logs straight into the shell, no password is requested ] > > +Note that support for non-interactive authentication via the I<-ip> > +option is incomplete. Some operations remain that still require the > +user to enter the password manually. Therefore ssh-agent is recommended > +over the I<-ip> option. > +Yes this is fine as it is, but you might consider adding: See L<https://bugzilla.redhat.com/1854275> ACK Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com libguestfs lets you edit virtual machines. Supports shell scripting, bindings from many languages. http://libguestfs.org