4:28 a.m.
For example:
$ virt-v2v -i vmx -it ssh -ip /tmp/passwd \
'ssh://root@esxi/vmfs/volumes/datastore1/Windows/Windows.vmx' -o null
---
v2v/cmdline.ml | 2 +-
v2v/input_libvirt.ml | 2 +-
v2v/input_libvirt_xen_ssh.ml | 8 ++++++--
v2v/input_libvirt_xen_ssh.mli | 2 +-
v2v/input_vmx.ml | 30 +++++++++++++++++-------------
v2v/input_vmx.mli | 4 ++--
v2v/virt-v2v-input-vmware.pod | 19 ++++++++++---------
v2v/virt-v2v-input-xen.pod | 25 ++++++++++++-------------
8 files changed, 50 insertions(+), 42 deletions(-)
diff --git a/v2v/cmdline.ml b/v2v/cmdline.ml
index 641eed017..c6d7af09d 100644
--- a/v2v/cmdline.ml
+++ b/v2v/cmdline.ml
@@ -533,7 +533,7 @@ read the man page virt-v2v(1).
| Some `SSH -> Some `SSH
| Some (`VDDK _) ->
error (f_"only ‘-it ssh’ can be used here") in
- Input_vmx.input_vmx input_transport arg in
+ Input_vmx.input_vmx input_password input_transport arg in
(* Common error message. *)
let error_option_cannot_be_used_in_output_mode mode opt =
diff --git a/v2v/input_libvirt.ml b/v2v/input_libvirt.ml
index a7d1706de..c41c2f60d 100644
--- a/v2v/input_libvirt.ml
+++ b/v2v/input_libvirt.ml
@@ -68,7 +68,7 @@ let input_libvirt input_conn input_password input_transport guest =
(* Xen over SSH *)
| Some server, Some "xen+ssh", _ ->
Input_libvirt_xen_ssh.input_libvirt_xen_ssh
- libvirt_conn parsed_uri server guest
+ libvirt_conn input_password parsed_uri server guest
(* Old virt-v2v also supported qemu+ssh://. However I am
* deliberately not supporting this in new virt-v2v. Don't
diff --git a/v2v/input_libvirt_xen_ssh.ml b/v2v/input_libvirt_xen_ssh.ml
index f5877b054..829406cbf 100644
--- a/v2v/input_libvirt_xen_ssh.ml
+++ b/v2v/input_libvirt_xen_ssh.ml
@@ -30,7 +30,7 @@ open Input_libvirt_other
open Printf
(* Subclass specialized for handling Xen over SSH. *)
-class input_libvirt_xen_ssh libvirt_conn parsed_uri server guest =
+class input_libvirt_xen_ssh libvirt_conn input_password parsed_uri server guest =
object (self)
inherit input_libvirt libvirt_conn guest
@@ -61,7 +61,11 @@ object (self)
disk
| { p_source_disk = disk; p_source = P_source_dev path }
| { p_source_disk = disk; p_source = P_source_file path } ->
- let nbdkit = Nbdkit.create_ssh ?bandwidth ~password:NoPassword
+ let password =
+ match input_password with
+ | None -> Nbdkit.NoPassword
+ | Some ip -> Nbdkit.PasswordFile ip in
+ let nbdkit = Nbdkit.create_ssh ?bandwidth ~password
?port ~server ?user path in
let qemu_uri = Nbdkit.run nbdkit in
{ disk with s_qemu_uri = qemu_uri }
diff --git a/v2v/input_libvirt_xen_ssh.mli b/v2v/input_libvirt_xen_ssh.mli
index 6649b9883..037d1ffbf 100644
--- a/v2v/input_libvirt_xen_ssh.mli
+++ b/v2v/input_libvirt_xen_ssh.mli
@@ -18,4 +18,4 @@
(** [-i libvirt] when the source is Xen *)
-val input_libvirt_xen_ssh : Libvirt.rw Libvirt.Connect.t Lazy.t -> Xml.uri ->
string -> string -> Types.input
+val input_libvirt_xen_ssh : Libvirt.rw Libvirt.Connect.t Lazy.t -> string option ->
Xml.uri -> string -> string -> Types.input
diff --git a/v2v/input_vmx.ml b/v2v/input_vmx.ml
index 1a7b331ee..0b5050506 100644
--- a/v2v/input_vmx.ml
+++ b/v2v/input_vmx.ml
@@ -112,9 +112,9 @@ let remote_file_exists uri path =
eprintf "%s\n%!" cmd;
Sys.command cmd = 0
-let rec find_disks ?bandwidth vmx vmx_source =
- find_scsi_disks ?bandwidth vmx vmx_source
- @ find_ide_disks ?bandwidth vmx vmx_source
+let rec find_disks ?bandwidth input_password vmx vmx_source =
+ find_scsi_disks ?bandwidth input_password vmx vmx_source
+ @ find_ide_disks ?bandwidth input_password vmx vmx_source
(* Find all SCSI hard disks.
*
@@ -124,7 +124,7 @@ let rec find_disks ?bandwidth vmx vmx_source =
* | omitted
* scsi0:0.fileName = "guest.vmdk"
*)
-and find_scsi_disks ?bandwidth vmx vmx_source =
+and find_scsi_disks ?bandwidth input_password vmx vmx_source =
let get_scsi_controller_target ns =
sscanf ns "scsi%d:%d" (fun c t -> c, t)
in
@@ -136,7 +136,7 @@ and find_scsi_disks ?bandwidth vmx vmx_source =
Some "scsi-harddisk"; None ] in
let scsi_controller = Source_SCSI in
- find_hdds ?bandwidth vmx vmx_source
+ find_hdds ?bandwidth input_password vmx vmx_source
get_scsi_controller_target is_scsi_controller_target
scsi_device_types scsi_controller
@@ -146,7 +146,7 @@ and find_scsi_disks ?bandwidth vmx vmx_source =
* ide0:0.deviceType = "ata-hardDisk"
* ide0:0.fileName = "guest.vmdk"
*)
-and find_ide_disks ?bandwidth vmx vmx_source =
+and find_ide_disks ?bandwidth input_password vmx vmx_source =
let get_ide_controller_target ns =
sscanf ns "ide%d:%d" (fun c t -> c, t)
in
@@ -157,11 +157,11 @@ and find_ide_disks ?bandwidth vmx vmx_source =
let ide_device_types = [ Some "ata-harddisk" ] in
let ide_controller = Source_IDE in
- find_hdds ?bandwidth vmx vmx_source
+ find_hdds ?bandwidth input_password vmx vmx_source
get_ide_controller_target is_ide_controller_target
ide_device_types ide_controller
-and find_hdds ?bandwidth vmx vmx_source
+and find_hdds ?bandwidth input_password vmx vmx_source
get_controller_target is_controller_target
device_types controller =
(* Find namespaces matching '(ide|scsi)X:Y' with suitable deviceType. *)
@@ -187,7 +187,7 @@ and find_hdds ?bandwidth vmx vmx_source
match path, v with
| [ns; "filename"], Some filename ->
let c, t = get_controller_target ns in
- let uri, format = qemu_uri_of_filename ?bandwidth
+ let uri, format = qemu_uri_of_filename ?bandwidth input_password
vmx_source filename in
let s = { s_disk_id = (-1);
s_qemu_uri = uri; s_format = Some format;
@@ -215,7 +215,7 @@ and find_hdds ?bandwidth vmx vmx_source
* This constructs a QEMU URI of the filename relative to the
* vmx file (which might be remote over SSH).
*)
-and qemu_uri_of_filename ?bandwidth vmx_source filename =
+and qemu_uri_of_filename ?bandwidth input_password vmx_source filename =
match vmx_source with
| File vmx_filename ->
(* Always ensure this returns an absolute path to avoid
@@ -241,8 +241,12 @@ and qemu_uri_of_filename ?bandwidth vmx_source filename =
let server = server_of_uri uri in
let port = Option.map string_of_int (port_of_uri uri) in
let user = uri.Xml.uri_user in
+ let password =
+ match input_password with
+ | None -> Nbdkit.NoPassword
+ | Some ip -> Nbdkit.PasswordFile ip in
- let nbdkit = Nbdkit.create_ssh ?bandwidth ~password:NoPassword ~server
+ let nbdkit = Nbdkit.create_ssh ?bandwidth ~password ~server
?port ?user abs_path in
let qemu_uri = Nbdkit.run nbdkit in
qemu_uri, format
@@ -383,7 +387,7 @@ and find_nics vmx =
let nics = List.map (fun (_, source) -> source) nics in
nics
-class input_vmx input_transport arg =
+class input_vmx input_password input_transport arg =
let tmpdir =
let base_dir = (open_guestfs ())#get_cachedir () in
let t = Mkdtemp.temp_dir ~base_dir "vmx." in
@@ -488,7 +492,7 @@ object
None
| None -> None in
- let disks = find_disks ?bandwidth vmx vmx_source in
+ let disks = find_disks ?bandwidth input_password vmx vmx_source in
let removables = find_removables vmx in
let nics = find_nics vmx in
diff --git a/v2v/input_vmx.mli b/v2v/input_vmx.mli
index 34ec2a5c6..1570a2a93 100644
--- a/v2v/input_vmx.mli
+++ b/v2v/input_vmx.mli
@@ -18,6 +18,6 @@
(** [-i vmx] source. *)
-val input_vmx : [`SSH] option -> string -> Types.input
-(** [input_vmx input_transport arg] sets up an input
+val input_vmx : string option -> [`SSH] option -> string -> Types.input
+(** [input_vmx input_password input_transport arg] sets up an input
from vmware vmx file. *)
diff --git a/v2v/virt-v2v-input-vmware.pod b/v2v/virt-v2v-input-vmware.pod
index 3acdd773e..11adf1b6c 100644
--- a/v2v/virt-v2v-input-vmware.pod
+++ b/v2v/virt-v2v-input-vmware.pod
@@ -8,6 +8,7 @@ virt-v2v-input-vmware - Using virt-v2v to convert guests from VMware
virt-v2v -i vmx
-it ssh
+ -ip passwordfile
'ssh://root@esxi.example.com/vmfs/volumes/datastore1/guest/guest.vmx'
[-o* options]
@@ -132,21 +133,21 @@ If the vmx and vmdk files aren't available locally then you
must
I<either> mount the NFS storage on the conversion server I<or> enable
passwordless SSH on the ESXi hypervisor.
-=head3 VMX: Passwordless SSH using ssh-agent
+=head3 VMX: SSH authentication
-You must also use ssh-agent, and add your ssh public key to
-F</etc/ssh/keys-root/authorized_keys> (on the ESXi hypervisor).
+You can use SSH password authentication, by supplying the name of a
+file containing the password to the I<-ip> option (note this option
+does I<not> take the password directly).
-After doing this, you should check that passwordless access works from
-the virt-v2v server to the ESXi hypervisor. For example:
+If you are not using password authentication, an alternative is to use
+ssh-agent, and add your ssh public key to
+F</etc/ssh/keys-root/authorized_keys> (on the ESXi hypervisor). After
+doing this, you should check that passwordless access works from the
+virt-v2v server to the ESXi hypervisor. For example:
$ ssh root(a)esxi.example.com
[ logs straight into the shell, no password is requested ]
-Note that password-interactive and Kerberos access are B<not>
-supported. You B<have> to set up ssh access using ssh-agent and
-authorized_keys.
-
=head3 VMX: Construct the SSH URI
When using the SSH input transport you must specify a remote
diff --git a/v2v/virt-v2v-input-xen.pod b/v2v/virt-v2v-input-xen.pod
index 4bb5d2dc2..bafeabf62 100644
--- a/v2v/virt-v2v-input-xen.pod
+++ b/v2v/virt-v2v-input-xen.pod
@@ -5,7 +5,9 @@ virt-v2v-input-xen - Using virt-v2v to convert guests from Xen
=head1 SYNOPSIS
export LIBGUESTFS_BACKEND=direct
- virt-v2v -ic 'xen+ssh://root@xen.example.com' GUEST_NAME [-o* options]
+ virt-v2v -ic 'xen+ssh://root@xen.example.com'
+ -ip passwordfile
+ GUEST_NAME [-o* options]
=head1 DESCRIPTION
@@ -14,24 +16,21 @@ RHEL 5 Xen, or SLES and OpenSUSE Xen hosts.
=head1 INPUT FROM XEN
-=head2 Set up ssh-agent access to Xen host
+=head2 SSH authentication
-Currently you must enable passwordless SSH access to the remote Xen host
-from the virt-v2v conversion server.
+You can use SSH password authentication, by supplying the name of a
+file containing the password to the I<-ip> option (note this option
+does I<not> take the password directly).
-You must also use ssh-agent, and add your ssh public key to
-F</root/.ssh/authorized_keys> (on the Xen host).
-
-After doing this, you should check that passwordless access works
-from the virt-v2v server to the Xen host. For example:
+If you are not using password authentication, an alternative is to use
+ssh-agent, and add your ssh public key to
+F</root/.ssh/authorized_keys> (on the Xen host). After doing this,
+you should check that passwordless access works from the virt-v2v
+server to the Xen host. For example:
$ ssh root(a)xen.example.com
[ logs straight into the shell, no password is requested ]
-Note that password-interactive and Kerberos access are B<not>
-supported. You B<have> to set up ssh access using ssh-agent and
-authorized_keys.
-
With some modern ssh implementations, legacy crypto policies required
to interoperate with RHEL 5 sshd are disabled. To enable them you may
need to run this command on the conversion server (ie. ssh client),
--
2.23.0