search for: sslverify

The first commit removes the --dcpath parameter, which just makes the following stuff simpler. Since libvirt has supported getting datacenterpath from VMware since Oct 2015, it's time to drop this hairy parameter. The rest is quite a complicated series of refactorings, followed by a very simple change to add handling of snapshots taken from old virt-v2v. Rich.

Patch 1 was previously posted here: https://www.redhat.com/archives/libguestfs/2020-June/msg00086.html to handle this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1848862 I was able to observe this bug and for me at least disabling readahead seems to cure it. Patches 2 and 3 are simplifications, removing a now-undocumented feature of virt-v2v-copy-to-local and thus simplifying greatly the

...virt-v2v-copy-to-local(1). error (f_"ssh copy command failed, see earlier errors"); | ESXi _ -> - let curl_args = [ - "url", Some remote_disk; - "output", Some local_disk; - ] in - let curl_args = - if sslverify then curl_args - else ("insecure", None) :: curl_args in - let curl_args = - match cookie with - | None -> curl_args - | Some cookie -> ("cookie", Some cookie) :: curl_args in - let curl_args = - if quiet () then ("s...

See earlier thread on libvir-list: https://www.redhat.com/archives/libvir-list/2015-September/thread.html#00201 Libvirt >= 1.2.20 supplies the correct dcPath parameter. If it is available in the libvirt XML, use it, otherwise fall back to the old method of trying to guess it from the vpx:// path. Patches 1, 2 and 4 are just refactoring around this change. Rich.

It turns out that RHEL 5 Xen conversions don't work if the source disk is located on a block device. See patch 1/4 for the gory details. This patch series proposes a new tool called virt-v2v-copy-to-local which essentially is a way to make new virt-v2v work like the old virt-v2v, ie. copy first, convert after. Of course this is very slow and would only be used as a last resort, but I

Part 2 fix for: https://bugzilla.redhat.com/show_bug.cgi?id=1842440 Actually this fix on its own should be sufficient, but probably we want the nbdkit fixes too. Note this uses actual OCaml 4.05 features! ("let open" and the Unix.tcgetattr functions). I checked that both features are available on RHEL 7's OCaml. Rich.

Use -ip instead of --password-file, and various refactorings. It strikes me that we should probably deprecate and eventually remove virt-v2v-copy-to-local. With the introduction of the new SSH and VDDK transports, and with RHEL 5 Xen becoming more irrelevant, it's no longer needed. Rich.

These patches add the --password-file parameter, allowing you to pass a single password via a file. https://bugzilla.redhat.com/show_bug.cgi?id=1158526 Rich.

...| ESXi _ -> let curl_args = [ - "url", Some remote_disk; - "output", Some local_disk; - ] in + "url", Some remote_disk; + "output", Some local_disk; + ] in let curl_args = if sslverify then curl_args else ("insecure", None) :: curl_args in @@ -213,9 +213,10 @@ read the man page virt-v2v-copy-to-local(1). if quiet () then ("silent", None) :: curl_args else curl_args in + let curl_h = Curl.create curl_args in if verb...

..."url", Some remote_disk; - "output", Some local_disk; - ] in + let curl_args = + Curl.safe_args @ [ + "url", Some remote_disk; + "output", Some local_disk; + ] in let curl_args = if sslverify then curl_args else ("insecure", None) :: curl_args in @@ -213,9 +214,10 @@ read the man page virt-v2v-copy-to-local(1). if quiet () then ("silent", None) :: curl_args else curl_args in + let curl_h = Curl.create curl_args in if verb...

This is built on top of the following patch series: https://www.redhat.com/archives/libguestfs/2019-April/msg00054.html Rich.

...Enter host password for user 'root': [ 4.0] Creating an overlay to protect the source from being modified qemu-img: /tmp/v2vovl2305ba.qcow2: Could not open 'json: { "file.cookie" : "vmware_soap_session=\"52d44642-3451-51db-dc36-7621bbc387bd\"", "file.sslverify" : "off", "file.driver" : "https", "file.url" : "https://10.35.5.45/folder/CSB/CSB-flat.vmdk?dcPath=ha-datacenter&dsName=datastore1", "file.timeout" : 60 }': Unknown driver 'https': No such file or directory virt-v2v:...

...String.find query "no_verify=1" = -1 in - let https_url = get_https_url dcPath uri server path in + let https_url = + let https_url = get_https_url dcPath uri server path in + (* Check the URL exists. *) + let status, _, _ = + fetch_headers_from_url password scheme uri sslverify https_url in + (* If a disk is actually a snapshot image it will have '-00000n' + * appended to its name, e.g.: + * [yellow:storage1] RHEL4-X/RHEL4-X-000003.vmdk + * The flat storage is still called RHEL4-X-flat, however. If we got + * a 404 and the vmdk name looks like...

...n(-) diff --git a/v2v/vCenter.ml b/v2v/vCenter.ml index 89c5579b..d9bf12c1 100644 --- a/v2v/vCenter.ml +++ b/v2v/vCenter.ml @@ -79,7 +79,7 @@ let rec map_source ?bandwidth ?password_file dcPath uri server path = let nbdkit = Nbdkit.create_curl ?bandwidth ?cookie:session_cookie ~password ~sslverify - https_url in + ?user:uri.uri_user https_url in let qemu_uri = Nbdkit.run nbdkit in (* Return the struct. *) -- 2.24.1

...pace. Tested with vCenter 6.5 and 7. --- v2v/vCenter.ml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/v2v/vCenter.ml b/v2v/vCenter.ml index c28a4ced..4c128b0c 100644 --- a/v2v/vCenter.ml +++ b/v2v/vCenter.ml @@ -190,7 +190,9 @@ and fetch_headers_from_url password_file uri sslverify https_url = | [] -> dump_response stderr; error (f_"vcenter: no status code in output of ‘curl’ command. Is ‘curl’ installed?") - | ss -> String.sub (List.hd (List.rev ss)) 9 3 in + | ss -> + let s = List.hd (List.rev ss) in + String.sub s (S...

I am currently using https for the --url and --repo options in a kickstart file. The yum repo files are also set to do the same. Both of them have a setting (noverifyssl and sslverify=no, respectively) and this works as expected to pass --insecure to curl. However, I cannot figure out how to also serve the kickstart file itself. ks=user:pass at url works as a url, but I get the "Problem with the SSL CA cert" error. Is there a kernel cmdline option? I have tried differe...

...() method source ?bandwidth () = debug "input_libvirt_vcenter_https: source: server %s" server; diff --git a/v2v/vCenter.ml b/v2v/vCenter.ml index 586ea3e2..33120e88 100644 --- a/v2v/vCenter.ml +++ b/v2v/vCenter.ml @@ -189,7 +189,7 @@ and fetch_headers_from_url password_file uri sslverify https_url = match statuses with | [] -> dump_response stderr; - error (f_"vcenter: no status code in output of ‘curl’ command. Is ‘curl’ installed?") + error (f_"vcenter: no status code in output of ‘curl’ command.") | ss -> let s...

...r closed-source software behavior ;) > + > +The web server can be accessed as below. Since the cookie expires > +after a certain period of time, we use C<cookie-script-renew>, and > +because the server uses a self-signed certificate we must use > +I<--insecure> and C<sslverify=false>. > + > + SERVER=esx.example.com > + DCPATH=data > + DS=datastore1 > + GUEST=guest-name > + URL="https://$SERVER/folder/$GUEST/$GUEST-flat.vmdk?dcPath=$DCPATH&dsName=$DS" > + > + nbdkit curl "$URL" \ > + cookie-script=' > +...

...to do a more expensive username and password check +each time.) + +The web server can be accessed as below. Since the cookie expires +after a certain period of time, we use C<auth-script-renew>, and +because the server uses a self-signed certificate we must use +I<--insecure> and C<sslverify=false>. + + SERVER=esx.example.com + DCPATH=data + DS=datastore1 + GUEST=guest-name + URL="https://$SERVER/folder/$GUEST/$GUEST-flat.vmdk?dcPath=$DCPATH&dsName=$DS" + + nbdkit curl "$URL" \ + auth-script=' + curl --head -s --insecure -u root:passwor...

v2 was posted here: https://www.redhat.com/archives/libguestfs/2019-July/msg00115.html This also has links to earlier versions. v3: - The 01/11 patch in v2 included a bunch of unnecessary plus one necessary change to how input_password is passed around. I moved the necessary change into the final patch (implementing SSH password authentication) and dropped the rest. - The 01/11