[guestfs-tools PATCH] sysprep: remove lvm2's default "system.devices" file
by Laszlo Ersek
(Background: lvm2 commit 83fe6e720f42, "device usage based on devices
file", 2021-02-23; first released in v2_03_12.)
"lvm pvscan" may be -- and in RHEL9, will soon be -- restricted to those
block devices whose WWIDs are listed in "/etc/lvm/devices/system.devices".
This is a problem when cloning a VM, as cloning may change the WWIDs of
the domain's disk devices, and then physical volumes underlying the guest
filesystems may not be found. Example:
<https://bugzilla.redhat.com/show_bug.cgi?id=2059545#c12>.
Add the "lvm-system-devices" operation for removing this file, so that
"lvm pvscan" investigate all block devices for PVs.
(Note that this operation is independent from "lvm-uuids". The libguestfs
appliance creates a pristine LVM_SYSTEM_DIR in "appliance/init" (see
libguestfs commit dd162d2cd56a), thus, when "lvm-uuids" calls "g#pvs" and
"g#vgs", those APIs can never be affected by an
"$LVM_SYSTEM_DIR/devices/system.devices" file.)
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2072493
Signed-off-by: Laszlo Ersek <lersek(a)redhat.com>
---
sysprep/Makefile.am | 1 +
sysprep/sysprep_operation_lvm_system_devices.ml | 44 ++++++++++++++++++++
2 files changed, 45 insertions(+)
diff --git a/sysprep/Makefile.am b/sysprep/Makefile.am
index 0e3afc8a01c7..7d5e8aadf448 100644
--- a/sysprep/Makefile.am
+++ b/sysprep/Makefile.am
@@ -46,6 +46,7 @@ operations = \
ipa_client \
kerberos_data \
kerberos_hostkeytab \
+ lvm_system_devices \
lvm_uuids \
logfiles \
machine_id \
diff --git a/sysprep/sysprep_operation_lvm_system_devices.ml b/sysprep/sysprep_operation_lvm_system_devices.ml
new file mode 100644
index 000000000000..b41fa5dbc23a
--- /dev/null
+++ b/sysprep/sysprep_operation_lvm_system_devices.ml
@@ -0,0 +1,44 @@
+(* virt-sysprep
+ * Copyright (C) 2012-2022 Red Hat Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *)
+
+open Sysprep_operation
+open Common_gettext.Gettext
+
+module G = Guestfs
+
+let system_devices_file = "/etc/lvm/devices/system.devices"
+
+let rec lvm_system_devices_perform g root side_effects =
+ let typ = g#inspect_get_type root in
+ if typ = "linux" then g#rm_f system_devices_file
+
+let op = {
+ defaults with
+ name = "lvm-system-devices";
+ enabled_by_default = true;
+ heading = s_"Remove LVM2 system.devices file";
+ pod_description =
+ Some (s_"On Linux guests, LVM2's scanning for physical volumes (PVs) may \
+ be restricted to those block devices whose WWIDs are listed in \
+ C<" ^ system_devices_file ^ ">. When cloning VMs, WWIDs may \
+ change, breaking C<lvm pvscan>. Remove \
+ C<" ^ system_devices_file ^ ">.");
+ perform_on_filesystems = Some lvm_system_devices_perform;
+}
+
+let () = register_operation op
--
2.19.1.3.g30247aa5d201
2 years, 7 months
[v2v PATCH] convert: warn about "--mac" options that don't match any source NICs
by Laszlo Ersek
Just before we call "Networks.map", collect all "--mac" references (from
"options.network_map" and "options.static_ips"), and check each against
the list of MACs available on the source ("source.s_nics"). Collect and
report unresolved references.
The algorithm added here has quadratic time complexity, kind of undoing
the sophistication of the "Networks.t" type -- but I don't think we expect
a huge number of NICs / MACs.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1685809
Signed-off-by: Laszlo Ersek <lersek(a)redhat.com>
---
lib/networks.mli | 3 +++
convert/convert.ml | 19 +++++++++++++++++++
lib/networks.ml | 2 ++
3 files changed, 24 insertions(+)
diff --git a/lib/networks.mli b/lib/networks.mli
index 8800e21cbcf0..d1a62bf0cf2e 100644
--- a/lib/networks.mli
+++ b/lib/networks.mli
@@ -55,3 +55,6 @@ val map : t -> Types.source_nic -> Types.source_nic
MAC address mappings take precedence, followed by network
and bridge mappings if no MAC address mapping for the NIC can
be found. *)
+
+val macs : t -> string list
+(** Return all MAC addresses for which address mappings have been added. *)
diff --git a/convert/convert.ml b/convert/convert.ml
index 87fca7252ba3..1e3db6b99780 100644
--- a/convert/convert.ml
+++ b/convert/convert.ml
@@ -47,6 +47,25 @@ type mpstat = {
}
let rec convert dir options source =
+ let nic_macs = List.filter_map
+ (fun { s_mac } ->
+ match s_mac with
+ | None -> None
+ | Some mac -> Some (String.lowercase_ascii mac))
+ source.s_nics
+ and mac_refs1 = Networks.macs options.network_map
+ and mac_refs2 = List.map
+ (fun { if_mac_addr } -> String.lowercase_ascii if_mac_addr)
+ options.static_ips in
+ let unresolved_mac_refs =
+ List.filter (fun mac_ref -> not (List.mem mac_ref nic_macs))
+ (mac_refs1 @ mac_refs2) in
+ if unresolved_mac_refs <> [] then (
+ let mac_list = String.concat ", " unresolved_mac_refs in
+ warning (f_"The following --mac addresses do not match any NICs from the \
+ source: %s") mac_list
+ );
+
let target_nics = List.map (Networks.map options.network_map) source.s_nics in
message (f_"Opening the source");
diff --git a/lib/networks.ml b/lib/networks.ml
index 93250fe40ab0..52646166e496 100644
--- a/lib/networks.ml
+++ b/lib/networks.ml
@@ -103,3 +103,5 @@ let add_default_bridge t o =
if t.default_bridge <> None then
error (f_"duplicate -b/--bridge parameter. Only one default mapping is allowed.");
t.default_bridge <- Some o
+
+let macs t = StringMap.keys t.macs
--
2.19.1.3.g30247aa5d201
2 years, 7 months
[v2v PATCH] input-xen: sync PasswordAuthentication hint from input-vmware manual
by Laszlo Ersek
Unlike in the VMWare input module, we don't have "remote_file_exists"
"scp_from_remote_to_temporary" functions in the Xen input module;
therefore, nothing inherently prevents "-ip" from satisfying all ssh
password requests when using input-xen. However, the Xen server still
needs to permit PasswordAuthentication; sync the appropriate note from the
input-vmware manual to the input-xen manual.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1854275
Signed-off-by: Laszlo Ersek <lersek(a)redhat.com>
---
docs/virt-v2v-input-xen.pod | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/docs/virt-v2v-input-xen.pod b/docs/virt-v2v-input-xen.pod
index c4948e5e0c23..8080ebea7723 100644
--- a/docs/virt-v2v-input-xen.pod
+++ b/docs/virt-v2v-input-xen.pod
@@ -19,7 +19,9 @@ RHEL 5 Xen, or SLES and OpenSUSE Xen hosts.
You can use SSH password authentication, by supplying the name of a
file containing the password to the I<-ip> option (note this option
-does I<not> take the password directly).
+does I<not> take the password directly). You may need to adjust
+F</etc/ssh/sshd_config> on the Xen server to set
+C<PasswordAuthentication yes>.
If you are not using password authentication, an alternative is to use
ssh-agent, and add your ssh public key to
--
2.19.1.3.g30247aa5d201
2 years, 7 months
[v2v PATCH v2] input_vmx: cleanly reject guests with snapshots when using "-it ssh"
by Laszlo Ersek
For traversing a backing chain of VMDK descriptor files over ssh, two
things are necessary:
- qemu-nbd with the ssh block driver, rather than nbdkit-ssh-plugin,
- a remote SSH URL (for qemu-nbd) without a query string appended, as
qemu-nbd cannot update the last pathname component (for tracking the
relative pathnames of VMDK descriptor files) if a query string is
appended.
Before commit 7a6f6113a25f ("v2v: -i vmx -it ssh: Replace qemu block ssh
driver with nbdkit-ssh-plugin.", 2019-10-08), we passed the
"?host_key_check=no" query string in the URL to qemu-nbd, so we can't just
return to that, for accessing snapshotted guests with vmx+ssh.
But, we shouldn't return to qemu-nbd for vmx+ssh even without a query
string, as that would undo the other benefit(s) of commit 7a6f6113a25f.
Instead, clearly document that snapshotted guests are not supported over
vmx+ssh, and cleanly reject this situation in the code as well. Recommend
the two alternative transports that allow the user to convert such guests.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1774386
Signed-off-by: Laszlo Ersek <lersek(a)redhat.com>
---
Notes:
v2:
- in the manual, centralize the description in a new NOTES section, and
reference that section from "-i vmx -it ssh" and "INPUT FROM VMWARE
VMX" [Rich]
- in the code, bail out with error (f_"...") rather than failwith, for
enabling translations [Rich]
- in the error message printed from the code, recommend actions to the
user (reference the new NOTES section of the manual) [Rich]
input/input_vmx.ml | 27 ++++++++------------
docs/virt-v2v-input-vmware.pod | 18 ++++++++++++-
2 files changed, 27 insertions(+), 18 deletions(-)
diff --git a/input/input_vmx.ml b/input/input_vmx.ml
index 9921419b5a85..eed8a4335622 100644
--- a/input/input_vmx.ml
+++ b/input/input_vmx.ml
@@ -81,23 +81,16 @@ module VMX = struct
let vmx_path = path_of_uri uri in
let abs_path = absolute_path_from_other_file vmx_path filename in
- let format = "vmdk" in
+ let flat_vmdk = PCRE.replace (PCRE.compile "\\.vmdk$")
+ "-flat.vmdk" abs_path in
- (* XXX This is a hack to work around qemu / VMDK limitation
- * "Cannot use relative extent paths with VMDK descriptor file"
- * We can remove this if the above is fixed.
- *)
- let abs_path, format =
- let flat_vmdk =
- PCRE.replace (PCRE.compile "\\.vmdk$") "-flat.vmdk" abs_path in
- if remote_file_exists uri flat_vmdk then (flat_vmdk, "raw")
- else (abs_path, format) in
-
- (* XXX In virt-v2v 1.42+ importing from VMX over SSH
- * was broken if the -flat.vmdk file did not exist.
- * It is still broken here.
- *)
- ignore format;
+ (* RHBZ#1774386 *)
+ if not (remote_file_exists uri flat_vmdk) then
+ error (f_"This transport does not support guests with snapshots. \
+ Either collapse the snapshots for this guest and try \
+ the conversion again, or use one of the alternate \
+ conversion methods described in \
+ virt-v2v-input-vmware(1) section \"NOTES\".");
let server = server_of_uri uri in
let port = Option.map string_of_int (port_of_uri uri) in
@@ -110,7 +103,7 @@ module VMX = struct
let cor = dir // "convert" in
let bandwidth = options.bandwidth in
let nbdkit = Nbdkit_ssh.create_ssh ?bandwidth ~cor ~password
- ~server ?port ?user abs_path in
+ ~server ?port ?user flat_vmdk in
let _, pid = Nbdkit.run_unix socket nbdkit in
On_exit.kill pid
) filenames
diff --git a/docs/virt-v2v-input-vmware.pod b/docs/virt-v2v-input-vmware.pod
index 2c90e0afc7cd..66ca5f00d28a 100644
--- a/docs/virt-v2v-input-vmware.pod
+++ b/docs/virt-v2v-input-vmware.pod
@@ -51,6 +51,9 @@ to ESXi to read the F<GUEST.vmx> file and associated disks. This
requires that you have enabled SSH access to the VMware ESXi
hypervisor - in the default ESXi configuration this is turned off.
+This transport is incompatible with guests that have snapshots; refer
+to L</NOTES>.
+
=item B<-ic vpx://...> B<-it vddk>
=item B<-ic esx://...> B<-it vddk>
@@ -84,6 +87,18 @@ import a guest from VMware vCenter. This is the slowest method.
=back
+=head1 NOTES
+
+When accessing the F<I<guest>.vmx> file on ESXi over an SSH connection
+(that is, when using the B<-i vmx> B<-it ssh> options), the conversion
+will not work if the guest has snapshots (files called
+F<I<guest>-000001.vmdk> and similar). Either collapse the snapshots
+for the guest and retry the conversion with the same
+B<-i vmx> B<-it ssh> options, or leave the snapshots intact and use a
+transport different from SSH: just B<-i vmx>, or
+B<-ic vpx://...> B<-it vddk> or B<-ic esx://...> B<-it vddk>. Refer
+to L<https://bugzilla.redhat.com/1774386>.
+
=head1 INPUT FROM VMWARE VMX
Virt-v2v is able to import guests from VMware’s vmx files.
@@ -106,7 +121,8 @@ a C</vmfs/volumes> folder containing the virtual machines.
If you find a folder of files called F<I<guest>.vmx>,
F<I<guest>.vmxf>, F<I<guest>.nvram> and one or more F<.vmdk> disk
-images, then you can use this method.
+images, then you can use this method. The SSH transport is not usable
+if the guest has snapshots; refer to L</NOTES>.
=head2 VMX: Guest must be shut down
--
2.19.1.3.g30247aa5d201
2 years, 7 months
[PATCH 0/2] More NBD spec prep-work before 64-bit headers
by Eric Blake
In implementing my proof-of-concept 64-bit headers, I found the
following spec changes to be independent enough to post for review
now.
Eric Blake (2):
spec: Recommend cap on NBD_REPLY_TYPE_BLOCK_STATUS length
spec: Tweak description of maximum block size
doc/proto.md | 87 ++++++++++++++++++++++++++++++++--------------------
1 file changed, 53 insertions(+), 34 deletions(-)
--
2.35.1
2 years, 7 months
[PATCH guestfs-tools] builder: templates: Enable Fedora image update again
by Richard W.M. Jones
Fixes: commit 3fe941767042bf83d9a252b0819fa6d5a48059d0
---
builder/templates/make-template.ml | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/builder/templates/make-template.ml b/builder/templates/make-template.ml
index fe3039aa06..51f72da969 100755
--- a/builder/templates/make-template.ml
+++ b/builder/templates/make-template.ml
@@ -649,9 +649,11 @@ dracut -f /boot/initramfs-$KERNEL_VERSION.img $KERNEL_VERSION
bpf "%%post\n";
bpf "\
# Ensure the installation is up-to-date.
-# This makes Fedora >= 33 unbootable, see:
+dnf -y --best upgrade
+# This required otherwise the kernel will not be bootable, see
# https://bugzilla.redhat.com/show_bug.cgi?id=1911177
-#dnf -y --best upgrade
+# https://bugzilla.redhat.com/show_bug.cgi?id=1945835#c24
+grub2-mkconfig -o /boot/grub2/grub.cfg
";
let needs_regenerate_dracut = ref false in
--
2.35.1
2 years, 7 months
[PATCH 0/2] tests: fix a couple of paths to test assets
by Nikolay Shirokovskiy
rhbz1044014 actually fails in my setup which is suprising. Yet the test code
seems to have an issue with paths.
rhbz1370424 does not fail but have the same issue. I guess the test itself
need to be fixed further. Although it can not find the .xml file the test
returns success. Also the test does not differentiate between error
and guestfish crash as declared in comments.
Nikolay Shirokovskiy (2):
tests: fix rhbz1044014 to use proper paths
tests: fix rhbz1370424 to use proper path
tests/regressions/rhbz1044014.sh | 19 ++++++++++---------
tests/regressions/rhbz1370424.sh | 2 +-
2 files changed, 11 insertions(+), 10 deletions(-)
--
2.35.1
2 years, 7 months
[v2v PATCH] input_vmx: cleanly reject guests with snapshots when using "-it ssh"
by Laszlo Ersek
For traversing a backing chain of VMDK descriptor files over ssh, two
things are necessary:
- qemu-nbd with the ssh block driver, rather than nbdkit-ssh-plugin,
- a remote SSH URL (for qemu-nbd) without a query string appended, as
qemu-nbd cannot update the last pathname component (for tracking the
relative pathnames of VMDK descriptor files) if a query string is
appended.
Before commit 7a6f6113a25f ("v2v: -i vmx -it ssh: Replace qemu block ssh
driver with nbdkit-ssh-plugin.", 2019-10-08), we passed the
"?host_key_check=no" query string in the URL to qemu-nbd, so we can't just
return to that, for accessing snapshotted guests with vmx+ssh.
But, we shouldn't return to qemu-nbd for vmx+ssh even without a query
string, as that would undo the other benefit(s) of commit 7a6f6113a25f.
Instead, clearly document that snapshotted guests are not supported over
vmx+ssh, and cleanly reject this situation in the code as well. Recommend
the two alternative transports that allow the user to convert such guests.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1774386
Signed-off-by: Laszlo Ersek <lersek(a)redhat.com>
---
input/input_vmx.ml | 23 +++++---------------
docs/virt-v2v-input-vmware.pod | 9 +++++++-
2 files changed, 14 insertions(+), 18 deletions(-)
diff --git a/input/input_vmx.ml b/input/input_vmx.ml
index 9921419b5a85..a22ea288b4a7 100644
--- a/input/input_vmx.ml
+++ b/input/input_vmx.ml
@@ -81,23 +81,12 @@ module VMX = struct
let vmx_path = path_of_uri uri in
let abs_path = absolute_path_from_other_file vmx_path filename in
- let format = "vmdk" in
+ let flat_vmdk = PCRE.replace (PCRE.compile "\\.vmdk$")
+ "-flat.vmdk" abs_path in
- (* XXX This is a hack to work around qemu / VMDK limitation
- * "Cannot use relative extent paths with VMDK descriptor file"
- * We can remove this if the above is fixed.
- *)
- let abs_path, format =
- let flat_vmdk =
- PCRE.replace (PCRE.compile "\\.vmdk$") "-flat.vmdk" abs_path in
- if remote_file_exists uri flat_vmdk then (flat_vmdk, "raw")
- else (abs_path, format) in
-
- (* XXX In virt-v2v 1.42+ importing from VMX over SSH
- * was broken if the -flat.vmdk file did not exist.
- * It is still broken here.
- *)
- ignore format;
+ (* RHBZ#1774386 *)
+ if not (remote_file_exists uri flat_vmdk) then
+ failwith "this transport does not support guests with snapshots";
let server = server_of_uri uri in
let port = Option.map string_of_int (port_of_uri uri) in
@@ -110,7 +99,7 @@ module VMX = struct
let cor = dir // "convert" in
let bandwidth = options.bandwidth in
let nbdkit = Nbdkit_ssh.create_ssh ?bandwidth ~cor ~password
- ~server ?port ?user abs_path in
+ ~server ?port ?user flat_vmdk in
let _, pid = Nbdkit.run_unix socket nbdkit in
On_exit.kill pid
) filenames
diff --git a/docs/virt-v2v-input-vmware.pod b/docs/virt-v2v-input-vmware.pod
index 2c90e0afc7cd..468d1ce06224 100644
--- a/docs/virt-v2v-input-vmware.pod
+++ b/docs/virt-v2v-input-vmware.pod
@@ -51,6 +51,11 @@ to ESXi to read the F<GUEST.vmx> file and associated disks. This
requires that you have enabled SSH access to the VMware ESXi
hypervisor - in the default ESXi configuration this is turned off.
+Note that when using this transport, a guest that has snapshots present
+on the ESXi hypervisor cannot be converted. For such guests, use
+just B<-i vmx> (above), or B<-ic vpx://...> B<-it vddk> or
+B<-ic esx://...> B<-it vddk> (below).
+
=item B<-ic vpx://...> B<-it vddk>
=item B<-ic esx://...> B<-it vddk>
@@ -106,7 +111,9 @@ a C</vmfs/volumes> folder containing the virtual machines.
If you find a folder of files called F<I<guest>.vmx>,
F<I<guest>.vmxf>, F<I<guest>.nvram> and one or more F<.vmdk> disk
-images, then you can use this method.
+images, then you can use this method. The SSH transport is not usable
+if the guest has snapshots (files called F<I<guest>-000001.vmdk> and
+similar); refer to L<https://bugzilla.redhat.com/1774386>.
=head2 VMX: Guest must be shut down
--
2.19.1.3.g30247aa5d201
2 years, 7 months
