For example: $ virt-v2v -i vmx -it ssh -ip /tmp/passwd \ 'ssh://root@esxi/vmfs/volumes/datastore1/Windows/Windows.vmx' -o null --- v2v/cmdline.ml | 2 +- v2v/input_libvirt.ml | 2 +- v2v/input_libvirt_xen_ssh.ml | 8 ++++++-- v2v/input_libvirt_xen_ssh.mli | 2 +- v2v/input_vmx.ml | 30 +++++++++++++++++------------- v2v/input_vmx.mli | 4 ++-- v2v/virt-v2v-input-vmware.pod | 19 ++++++++++--------- v2v/virt-v2v-input-xen.pod | 25 ++++++++++++------------- 8 files changed, 50 insertions(+), 42 deletions(-)
diff --git a/v2v/cmdline.ml b/v2v/cmdline.ml index 641eed017..c6d7af09d 100644 --- a/v2v/cmdline.ml +++ b/v2v/cmdline.ml @@ -533,7 +533,7 @@ read the man page virt-v2v(1). | Some `SSH -> Some `SSH | Some (`VDDK _) -> error (f_"only ‘-it ssh’ can be used here") in - Input_vmx.input_vmx input_transport arg in + Input_vmx.input_vmx input_password input_transport arg in (* Common error message. *) let error_option_cannot_be_used_in_output_mode mode opt = diff --git a/v2v/input_libvirt.ml b/v2v/input_libvirt.ml index a7d1706de..c41c2f60d 100644 --- a/v2v/input_libvirt.ml +++ b/v2v/input_libvirt.ml @@ -68,7 +68,7 @@ let input_libvirt input_conn input_password input_transport guest = (* Xen over SSH *) | Some server, Some "xen+ssh", _ -> Input_libvirt_xen_ssh.input_libvirt_xen_ssh - libvirt_conn parsed_uri server guest + libvirt_conn input_password parsed_uri server guest (* Old virt-v2v also supported qemu+ssh://. However I am * deliberately not supporting this in new virt-v2v. Don't diff --git a/v2v/input_libvirt_xen_ssh.ml b/v2v/input_libvirt_xen_ssh.ml index f5877b054..829406cbf 100644 --- a/v2v/input_libvirt_xen_ssh.ml +++ b/v2v/input_libvirt_xen_ssh.ml @@ -30,7 +30,7 @@ open Input_libvirt_other open Printf (* Subclass specialized for handling Xen over SSH. *) -class input_libvirt_xen_ssh libvirt_conn parsed_uri server guest = +class input_libvirt_xen_ssh libvirt_conn input_password parsed_uri server guest = object (self) inherit input_libvirt libvirt_conn guest @@ -61,7 +61,11 @@ object (self) disk | { p_source_disk = disk; p_source = P_source_dev path } | { p_source_disk = disk; p_source = P_source_file path } -> - let nbdkit = Nbdkit.create_ssh ?bandwidth ~password:NoPassword + let password = + match input_password with + | None -> Nbdkit.NoPassword + | Some ip -> Nbdkit.PasswordFile ip in + let nbdkit = Nbdkit.create_ssh ?bandwidth ~password ?port ~server ?user path in let qemu_uri = Nbdkit.run nbdkit in { disk with s_qemu_uri = qemu_uri } diff --git a/v2v/input_libvirt_xen_ssh.mli b/v2v/input_libvirt_xen_ssh.mli index 6649b9883..037d1ffbf 100644 --- a/v2v/input_libvirt_xen_ssh.mli +++ b/v2v/input_libvirt_xen_ssh.mli @@ -18,4 +18,4 @@ (** [-i libvirt] when the source is Xen *) -val input_libvirt_xen_ssh : Libvirt.rw Libvirt.Connect.t Lazy.t -> Xml.uri -> string -> string -> Types.input +val input_libvirt_xen_ssh : Libvirt.rw Libvirt.Connect.t Lazy.t -> string option -> Xml.uri -> string -> string -> Types.input diff --git a/v2v/input_vmx.ml b/v2v/input_vmx.ml index 1a7b331ee..0b5050506 100644 --- a/v2v/input_vmx.ml +++ b/v2v/input_vmx.ml @@ -112,9 +112,9 @@ let remote_file_exists uri path = eprintf "%s\n%!" cmd; Sys.command cmd = 0 -let rec find_disks ?bandwidth vmx vmx_source = - find_scsi_disks ?bandwidth vmx vmx_source - @ find_ide_disks ?bandwidth vmx vmx_source +let rec find_disks ?bandwidth input_password vmx vmx_source = + find_scsi_disks ?bandwidth input_password vmx vmx_source + @ find_ide_disks ?bandwidth input_password vmx vmx_source (* Find all SCSI hard disks. * @@ -124,7 +124,7 @@ let rec find_disks ?bandwidth vmx vmx_source = * | omitted * scsi0:0.fileName = "guest.vmdk" *) -and find_scsi_disks ?bandwidth vmx vmx_source = +and find_scsi_disks ?bandwidth input_password vmx vmx_source = let get_scsi_controller_target ns = sscanf ns "scsi%d:%d" (fun c t -> c, t) in @@ -136,7 +136,7 @@ and find_scsi_disks ?bandwidth vmx vmx_source = Some "scsi-harddisk"; None ] in let scsi_controller = Source_SCSI in - find_hdds ?bandwidth vmx vmx_source + find_hdds ?bandwidth input_password vmx vmx_source get_scsi_controller_target is_scsi_controller_target scsi_device_types scsi_controller @@ -146,7 +146,7 @@ and find_scsi_disks ?bandwidth vmx vmx_source = * ide0:0.deviceType = "ata-hardDisk" * ide0:0.fileName = "guest.vmdk" *) -and find_ide_disks ?bandwidth vmx vmx_source = +and find_ide_disks ?bandwidth input_password vmx vmx_source = let get_ide_controller_target ns = sscanf ns "ide%d:%d" (fun c t -> c, t) in @@ -157,11 +157,11 @@ and find_ide_disks ?bandwidth vmx vmx_source = let ide_device_types = [ Some "ata-harddisk" ] in let ide_controller = Source_IDE in - find_hdds ?bandwidth vmx vmx_source + find_hdds ?bandwidth input_password vmx vmx_source get_ide_controller_target is_ide_controller_target ide_device_types ide_controller -and find_hdds ?bandwidth vmx vmx_source +and find_hdds ?bandwidth input_password vmx vmx_source get_controller_target is_controller_target device_types controller = (* Find namespaces matching '(ide|scsi)X:Y' with suitable deviceType. *) @@ -187,7 +187,7 @@ and find_hdds ?bandwidth vmx vmx_source match path, v with | [ns; "filename"], Some filename -> let c, t = get_controller_target ns in - let uri, format = qemu_uri_of_filename ?bandwidth + let uri, format = qemu_uri_of_filename ?bandwidth input_password vmx_source filename in let s = { s_disk_id = (-1); s_qemu_uri = uri; s_format = Some format; @@ -215,7 +215,7 @@ and find_hdds ?bandwidth vmx vmx_source * This constructs a QEMU URI of the filename relative to the * vmx file (which might be remote over SSH). *) -and qemu_uri_of_filename ?bandwidth vmx_source filename = +and qemu_uri_of_filename ?bandwidth input_password vmx_source filename = match vmx_source with | File vmx_filename -> (* Always ensure this returns an absolute path to avoid @@ -241,8 +241,12 @@ and qemu_uri_of_filename ?bandwidth vmx_source filename = let server = server_of_uri uri in let port = Option.map string_of_int (port_of_uri uri) in let user = uri.Xml.uri_user in + let password = + match input_password with + | None -> Nbdkit.NoPassword + | Some ip -> Nbdkit.PasswordFile ip in - let nbdkit = Nbdkit.create_ssh ?bandwidth ~password:NoPassword ~server + let nbdkit = Nbdkit.create_ssh ?bandwidth ~password ~server ?port ?user abs_path in let qemu_uri = Nbdkit.run nbdkit in qemu_uri, format @@ -383,7 +387,7 @@ and find_nics vmx = let nics = List.map (fun (_, source) -> source) nics in nics -class input_vmx input_transport arg = +class input_vmx input_password input_transport arg = let tmpdir = let base_dir = (open_guestfs ())#get_cachedir () in let t = Mkdtemp.temp_dir ~base_dir "vmx." in @@ -488,7 +492,7 @@ object None | None -> None in - let disks = find_disks ?bandwidth vmx vmx_source in + let disks = find_disks ?bandwidth input_password vmx vmx_source in let removables = find_removables vmx in let nics = find_nics vmx in diff --git a/v2v/input_vmx.mli b/v2v/input_vmx.mli index 34ec2a5c6..1570a2a93 100644 --- a/v2v/input_vmx.mli +++ b/v2v/input_vmx.mli @@ -18,6 +18,6 @@ (** [-i vmx] source. *) -val input_vmx : [`SSH] option -> string -> Types.input -(** [input_vmx input_transport arg] sets up an input +val input_vmx : string option -> [`SSH] option -> string -> Types.input +(** [input_vmx input_password input_transport arg] sets up an input from vmware vmx file. *) diff --git a/v2v/virt-v2v-input-vmware.pod b/v2v/virt-v2v-input-vmware.pod index 3acdd773e..11adf1b6c 100644 --- a/v2v/virt-v2v-input-vmware.pod +++ b/v2v/virt-v2v-input-vmware.pod @@ -8,6 +8,7 @@ virt-v2v-input-vmware - Using virt-v2v to convert guests from VMware virt-v2v -i vmx -it ssh + -ip passwordfile 'ssh://r...@esxi.example.com/vmfs/volumes/datastore1/guest/guest.vmx' [-o* options] @@ -132,21 +133,21 @@ If the vmx and vmdk files aren't available locally then you must I<either> mount the NFS storage on the conversion server I<or> enable passwordless SSH on the ESXi hypervisor. -=head3 VMX: Passwordless SSH using ssh-agent +=head3 VMX: SSH authentication -You must also use ssh-agent, and add your ssh public key to -F</etc/ssh/keys-root/authorized_keys> (on the ESXi hypervisor). +You can use SSH password authentication, by supplying the name of a +file containing the password to the I<-ip> option (note this option +does I<not> take the password directly). -After doing this, you should check that passwordless access works from -the virt-v2v server to the ESXi hypervisor. For example: +If you are not using password authentication, an alternative is to use +ssh-agent, and add your ssh public key to +F</etc/ssh/keys-root/authorized_keys> (on the ESXi hypervisor). After +doing this, you should check that passwordless access works from the +virt-v2v server to the ESXi hypervisor. For example: $ ssh r...@esxi.example.com [ logs straight into the shell, no password is requested ] -Note that password-interactive and Kerberos access are B<not> -supported. You B<have> to set up ssh access using ssh-agent and -authorized_keys. - =head3 VMX: Construct the SSH URI When using the SSH input transport you must specify a remote diff --git a/v2v/virt-v2v-input-xen.pod b/v2v/virt-v2v-input-xen.pod index 4bb5d2dc2..bafeabf62 100644 --- a/v2v/virt-v2v-input-xen.pod +++ b/v2v/virt-v2v-input-xen.pod @@ -5,7 +5,9 @@ virt-v2v-input-xen - Using virt-v2v to convert guests from Xen =head1 SYNOPSIS export LIBGUESTFS_BACKEND=direct - virt-v2v -ic 'xen+ssh://r...@xen.example.com' GUEST_NAME [-o* options] + virt-v2v -ic 'xen+ssh://r...@xen.example.com' + -ip passwordfile + GUEST_NAME [-o* options] =head1 DESCRIPTION @@ -14,24 +16,21 @@ RHEL 5 Xen, or SLES and OpenSUSE Xen hosts. =head1 INPUT FROM XEN -=head2 Set up ssh-agent access to Xen host +=head2 SSH authentication -Currently you must enable passwordless SSH access to the remote Xen host -from the virt-v2v conversion server. +You can use SSH password authentication, by supplying the name of a +file containing the password to the I<-ip> option (note this option +does I<not> take the password directly). -You must also use ssh-agent, and add your ssh public key to -F</root/.ssh/authorized_keys> (on the Xen host). - -After doing this, you should check that passwordless access works -from the virt-v2v server to the Xen host. For example: +If you are not using password authentication, an alternative is to use +ssh-agent, and add your ssh public key to +F</root/.ssh/authorized_keys> (on the Xen host). After doing this, +you should check that passwordless access works from the virt-v2v +server to the Xen host. For example: $ ssh r...@xen.example.com [ logs straight into the shell, no password is requested ] -Note that password-interactive and Kerberos access are B<not> -supported. You B<have> to set up ssh access using ssh-agent and -authorized_keys. - With some modern ssh implementations, legacy crypto policies required to interoperate with RHEL 5 sshd are disabled. To enable them you may need to run this command on the conversion server (ie. ssh client), -- 2.23.0 _______________________________________________ Libguestfs mailing list Libguestfs@redhat.com https://www.redhat.com/mailman/listinfo/libguestfs