Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1375157 - virt-v2v: -i ova: Permission denied when using libvirt and running as root
Summary: virt-v2v: -i ova: Permission denied when using libvirt and running as root
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libguestfs
Version: 7.3
Hardware: x86_64
OS: Unspecified
low
low
Target Milestone: rc
: ---
Assignee: Richard W.M. Jones
QA Contact: Virtualization Bugs
URL:
Whiteboard: V2V
Depends On: 890291 1045069 1359086 1430680
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-09-12 10:25 UTC by mxie@redhat.com
Modified: 2017-08-01 22:11 UTC (History)
9 users (show)

Fixed In Version: libguestfs-1.36.1-1.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 22:11:26 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
permission-v2v.log (11.94 KB, text/plain)
2016-09-12 10:26 UTC, mxie@redhat.com 		no flags Details
test-ova.ova (3.89 MB, application/x-tar)
2016-09-12 10:41 UTC, Richard W.M. Jones 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2023 0 normal SHIPPED_LIVE libguestfs bug fix and enhancement update 2017-08-01 19:32:01 UTC

Description mxie@redhat.com 2016-09-12 10:25:59 UTC 
Description of problem:
There is error info about permission when convert a guest from ova file by v2v

Version-Release number of selected component (if applicable):
virt-v2v-1.32.7-3.el7.x86_64
libguestfs-1.32.7-3.el7.x86_64
qemu-kvm-rhev-2.6.0-24.el7.x86_64
libvirt-2.0.0-8.el7.x86_64


How reproducible:
100% 

Steps to Reproduce:
1.Convert a guest from ova file by v2v, but there is error info about permission except error of environment variable, details log pls refer to attachment
# virt-v2v -i ova rhel6.8-vmware-ova.tar -o local -os /var/tmp -of raw
[   0.0] Opening the source -i ova rhel6.8-vmware-ova.tar
[   1.0] Creating an overlay to protect the source from being modified
[   2.7] Initializing the target -o local -os /var/tmp
[   2.7] Opening the overlay
virt-v2v: error: libguestfs error: could not create appliance through 
libvirt.

Try running qemu directly without libvirt using this environment variable:
export LIBGUESTFS_BACKEND=direct

Original error from libvirt: Cannot access backing file 
'/var/tmp/ova.puFtEh/rhel6.8-vmware/juzhou-rhel6u8-disk1.vmdk' of storage 
file '/var/tmp/v2vovl4c0d41.qcow2' (as uid:107, gid:107): Permission denied 
[code=38 int1=13]

If reporting bugs, run virt-v2v with debugging enabled and include the 
complete output:

  virt-v2v -v -x [...]



Actual results:
As above description

Expected results:
There is no error info about permission when convert a guest from ova file by v2v, should shows error info of environment variable as below:
virt-v2v: error: because of libvirt bug 
https://bugzilla.redhat.com/show_bug.cgi?id=1134592 you must set this 
environment variable:

export LIBGUESTFS_BACKEND=direct

and then rerun the virt-v2v command.

If reporting bugs, run virt-v2v with debugging enabled and include the 
complete output:

  virt-v2v -v -x [...]


Additional info:
Comment 1 mxie@redhat.com 2016-09-12 10:26:59 UTC 
Created attachment 1200146 [details]
permission-v2v.log
Comment 2 Richard W.M. Jones 2016-09-12 10:37:08 UTC 
This is a variation of the "libvirt has no session qemu for root" bug
(in libvirt).

virt-v2v unpacks the OVA into a temporary directory, creating files
and directories as root with permissions like 0600.

Libvirt runs qemu as non-root user qemu.qemu.

Either /var/tmp/ova.puFtEh or /var/tmp/ova.puFtEh/rhel6.8-vmware
is not readable by qemu.qemu, and we see this failure.
Comment 3 Pino Toscano 2016-09-12 10:41:23 UTC 
(In reply to Richard W.M. Jones from comment #2)
> This is a variation of the "libvirt has no session qemu for root" bug
> (in libvirt).

... which should be bug 890291 (leaving it here for reference).
Comment 4 Richard W.M. Jones 2016-09-12 10:41:38 UTC 
Created attachment 1200173 [details]
test-ova.ova

Reproduce the bug using the attached dummy OVA file, and
the following command which must be run *as root*:

# virt-v2v -i ova test-ova.ova -o null -of qcow2
[   0.0] Opening the source -i ova test-ova.ova
[   0.0] Creating an overlay to protect the source from being modified
[   0.1] Initializing the target -o null
[   0.1] Opening the overlay
virt-v2v: error: libguestfs error: could not create appliance through 
libvirt.

Try running qemu directly without libvirt using this environment variable:
export LIBGUESTFS_BACKEND=direct

Original error from libvirt: Cannot access backing file 
'/var/tmp/ova.tlxP2U/test-ova.vmdk' of storage file 
'/var/tmp/v2vovld54bdb.qcow2' (as uid:107, gid:107): Permission denied 
[code=38 int1=13]
Comment 5 Richard W.M. Jones 2016-09-12 10:54:21 UTC 
I posted a patch:

https://www.redhat.com/archives/libguestfs/2016-September/msg00063.html

# virt-v2v -i ova test-ova.ova -o null -of qcow2
[   0.0] Opening the source -i ova test-ova.ova
virt-v2v: warning: making OVA directory public readable to workaround 
libvirt bug https://bugzilla.redhat.com/890291
[   0.0] Creating an overlay to protect the source from being modified
[   0.1] Initializing the target -o null
[   0.1] Opening the overlay
[  15.2] Inspecting the overlay
etc
Comment 6 Richard W.M. Jones 2016-10-11 09:50:52 UTC 
I pushed this patch upstream over some objections because we now
have customers reporting it to me and a customer solution on
RHN (https://access.redhat.com/solutions/2110391).  Some fix is
needed even if it's not ideal.

Upstream commit is:
https://github.com/libguestfs/libguestfs/commit/d9b2a16c71d0c87195e28c1325fd83b344741339
Comment 13 kuwei@redhat.com 2017-03-17 06:18:46 UTC 
From bug 1430680,verify the bug with below builds again:

virt-v2v-1.36.2-2.el7.x86_64
libguestfs-1.36.2-2.el7.x86_64
libvirt-3.1.0-2.el7.x86_64
qemu-kvm-rhev-2.8.0-6.el7.x86_64

Verify steps:
1.Convert a guest from ova file by v2v
# virt-v2v -i ova rhel6.7-efi.ova -o null -of qcow2
[   0.0] Opening the source -i ova rhel6.7-efi.ova
virt-v2v: warning: making OVA directory public readable to work around 
libvirt bug https://bugzilla.redhat.com/1045069
[  28.1] Creating an overlay to protect the source from being modified
[  28.4] Initializing the target -o null
[  28.4] Opening the overlay
[  30.2] Inspecting the overlay
[  44.3] Checking for sufficient free disk space in the guest
[  44.3] Estimating space required on target for each disk
[  44.3] Converting Red Hat Enterprise Linux Server release 6.7 Beta (Santiago) to run on KVM
virt-v2v: This guest has virtio drivers installed.
[ 120.5] Mapping filesystem data to avoid copying unused and blank areas
virt-v2v: warning: fstrim on guest filesystem /dev/sda1 failed.  Usually 
you can ignore this message.  To find out more read "Trimming" in 
virt-v2v(1).

Original message: fstrim: fstrim: /sysroot/: the discard operation is not 
supported
[ 120.7] Closing the overlay
[ 121.0] Checking if the guest needs BIOS or UEFI to boot
virt-v2v: This guest requires UEFI on the target to boot.
[ 121.0] Assigning disks to buses
[ 121.0] Copying disk 1/1 to /var/tmp/null.hSQkWU/sda (qcow2)
    (100.00/100%)
[ 147.7] Creating output metadata
[ 147.7] Finishing off


Result : There is error info about permission when convert a guest from ova file by v2v

2:Reboot test server to verify it again.
# virt-v2v -i ova rhel6.7-efi.ova -o null -of raw

Result: There is error info when convert a guest from ova file by v2v

So,I think we could move this to VERIFIED
Comment 14 errata-xmlrpc 2017-08-01 22:11:26 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2023
Note You need to log in before you can comment on or make changes to this bug.