.\" Automatically generated by Podwrapper::Man 1.40.2 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "virt-v2v-input-vmware 1"
.TH virt-v2v-input-vmware 1 "2019-02-07" "libguestfs-1.40.2" "Virtualization Support"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
.IX Header "NAME"
virt\-v2v\-input\-vmware \- Using virt\-v2v to convert guests from VMware
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& virt\-v2v \-i vmx GUEST.vmx [\-o* options]
\&
\& virt\-v2v \-i vmx
\&    \-it ssh
\&    \*(Aqssh://root@esxi.example.com/vmfs/volumes/datastore1/guest/guest.vmx\*(Aq
\&    [\-o* options]
\&
\& virt\-v2v
\&    \-ic \*(Aqvpx://root@vcenter.example.com/Datacenter/esxi?no_verify=1\*(Aq
\&    \-it vddk
\&    \-io vddk\-libdir=/path/to/vmware\-vix\-disklib\-distrib
\&    \-io vddk\-thumbprint=xx:xx:xx:...
\&    "GUEST NAME"
\&    [\-o* options]
\&
\& virt\-v2v \-i ova DISK.ova [\-o* options]
\&
\& virt\-v2v
\&    \-ic \*(Aqvpx://root@vcenter.example.com/Datacenter/esxi?no_verify=1\*(Aq
\&    "GUEST NAME" [\-o* options]
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
This page documents how to use \fBvirt\-v2v\fR\|(1) to convert guests from VMware.
There are currently five different methods to access VMware:
.IP "\fB\-i vmx\fR \s-1GUEST\s0\fB.vmx\fR" 4
.IX Item "-i vmx GUEST.vmx"
Full documentation: \*(L"\s-1INPUT FROM VMWARE VMX\*(R"\s0
.Sp
If you either have a \fI\s-1GUEST\s0.vmx\fR file and one or more \fI\s-1GUEST\s0.vmdk\fR disk
image files, or if you are able to NFS-mount the VMware storage, then you
can use the \fI\-i vmx\fR method to read the source guest.
.IP "\fB\-i vmx\fR \fB\-it ssh\fR ssh://..." 4
.IX Item "-i vmx -it ssh ssh://..."
Full documentation: \*(L"\s-1INPUT FROM VMWARE VMX\*(R"\s0
.Sp
This is similar to the method above, except it uses an \s-1SSH\s0 connection to ESXi
to read the \fI\s-1GUEST\s0.vmx\fR file and associated disks.
This requires that you have enabled \s-1SSH\s0 access to the VMware ESXi hypervisor \- in
the default ESXi configuration this is turned off.
.IP "\fB\-ic vpx://...\fR \fB\-it vddk\fR" 4
.IX Item "-ic vpx://... -it vddk"
.PD 0
.IP "\fB\-ic esx://...\fR \fB\-it vddk\fR" 4
.IX Item "-ic esx://... -it vddk"
.PD
Full documentation: \*(L"\s-1INPUT FROM VDDK\*(R"\s0
.Sp
This method uses the proprietary \s-1VDDK\s0 library (a.k.a. VixDiskLib) to access
the VMware vCenter server or VMware ESXi hypervisor.
.Sp
If you have the proprietary library then this method is usually the fastest
and most flexible. If you don't have or don't want to use non-free
software then the \s-1VMX\s0 or \s-1SSH\s0 methods above will be best.
.IP "\fB\-i ova\fR \s-1DISK\s0\fB.ova\fR" 4
.IX Item "-i ova DISK.ova"
Full documentation: \*(L"\s-1INPUT FROM VMWARE OVA\*(R"\s0
.Sp
With this method you must first export the guest (eg. from vSphere) as an
\&\fI.ova\fR file, which virt\-v2v can then read directly. Note this method only
works with files exported from VMware, not \s-1OVA\s0 files that come from other
hypervisors or management systems, since \s-1OVA\s0 is only a pretend standard and
is not compatible or interoperable between vendors.
.ie n .IP "\fB\-ic vpx://...\fR ""\s-1GUEST NAME""\s0" 4
.el .IP "\fB\-ic vpx://...\fR ``\s-1GUEST NAME''\s0" 4
.IX Item "-ic vpx://... GUEST NAME"
Full documentation: \*(L"\s-1INPUT FROM VMWARE VCENTER SERVER\*(R"\s0
.Sp
If none of the above methods is available, then use this method to import a
guest from VMware vCenter. This is the slowest method.
.SH "INPUT FROM VMWARE VMX"
.IX Header "INPUT FROM VMWARE VMX"
Virt\-v2v is able to import guests from VMware’s vmx files.
.PP
This is useful in two cases:
.IP "1." 4
VMware virtual machines are stored on a separate \s-1NFS\s0 server and you are able
to mount the \s-1NFS\s0 storage directly.
.IP "2." 4
You have enabled \s-1SSH\s0 access to the VMware ESXi hypervisor and there is a
\&\f(CW\*(C`/vmfs/volumes\*(C'\fR folder containing the virtual machines.
.PP
If you find a folder of files called \fI\fIguest\fI.vmx\fR, \fI\fIguest\fI.vmxf\fR,
\&\fI\fIguest\fI.nvram\fR and one or more \fI.vmdk\fR disk images, then you can use this
method.
.SS "\s-1VMX:\s0 Remove VMware tools from Windows guests"
.IX Subsection "VMX: Remove VMware tools from Windows guests"
For Windows guests, you should remove VMware tools before conversion.
Although this is not strictly necessary, and the guest will still be able to
run, if you don't do this then the converted guest will complain on every
boot. The tools cannot be removed after conversion because the uninstaller
checks if it is running on VMware and refuses to start (which is also the
reason that virt\-v2v cannot remove them).
.PP
This is not necessary for Linux guests, as virt\-v2v is able to remove VMware
tools.
.SS "\s-1VMX:\s0 Guest must be shut down"
.IX Subsection "VMX: Guest must be shut down"
\&\fBThe guest must be shut down before conversion starts\fR. If you don't shut
it down, you will end up with a corrupted \s-1VM\s0 disk on the target. With other
methods, virt\-v2v tries to prevent concurrent access, but because the \fI\-i
vmx\fR method works directly against the storage, checking for concurrent
access is not possible.
.SS "\s-1VMX:\s0 Access to the storage containing the \s-1VMX\s0 and \s-1VMDK\s0 files"
.IX Subsection "VMX: Access to the storage containing the VMX and VMDK files"
If the vmx and vmdk files aren't available locally then you must \fIeither\fR
mount the \s-1NFS\s0 storage on the conversion server \fIor\fR enable passwordless \s-1SSH\s0
on the ESXi hypervisor.
.PP
\fI\s-1VMX:\s0 Passwordless \s-1SSH\s0 using ssh-agent\fR
.IX Subsection "VMX: Passwordless SSH using ssh-agent"
.PP
You must also use ssh-agent, and add your ssh public key to
\&\fI/etc/ssh/keys\-root/authorized_keys\fR (on the ESXi hypervisor).
.PP
After doing this, you should check that passwordless access works from the
virt\-v2v server to the ESXi hypervisor. For example:
.PP
.Vb 2
\& $ ssh root@esxi.example.com
\& [ logs straight into the shell, no password is requested ]
.Ve
.PP
Note that password-interactive and Kerberos access are \fBnot\fR supported. You \fBhave\fR
to set up ssh access using ssh-agent and authorized_keys.
.PP
\fI\s-1VMX:\s0 Construct the \s-1SSH URI\s0\fR
.IX Subsection "VMX: Construct the SSH URI"
.PP
When using the \s-1SSH\s0 input transport you must specify a remote \f(CW\*(C`ssh://...\*(C'\fR
\&\s-1URI\s0 pointing to the \s-1VMX\s0 file. A typical \s-1URI\s0 looks like:
.PP
.Vb 1
\& ssh://root@esxi.example.com/vmfs/volumes/datastore1/my%20guest/my%20guest.vmx
.Ve
.PP
Any space must be escaped with \f(CW%20\fR and other non-ASCII characters may also
need to be URI-escaped.
.PP
The username is not required if it is the same as your local username.
.PP
You may optionally supply a port number after the hostname if the \s-1SSH\s0 server
is not listening on the default port (22).
.SS "\s-1VMX:\s0 Importing a guest"
.IX Subsection "VMX: Importing a guest"
To import a vmx file from a local file or \s-1NFS,\s0 do:
.PP
.Vb 1
\& $ virt\-v2v \-i vmx guest.vmx \-o local \-os /var/tmp
.Ve
.PP
To import a vmx file over \s-1SSH,\s0 add \fI\-it ssh\fR to select the \s-1SSH\s0 transport and
supply a remote \s-1SSH URI:\s0
.PP
.Vb 4
\& $ virt\-v2v \e
\&     \-i vmx \-it ssh \e
\&     "ssh://root@esxi.example.com/vmfs/volumes/datastore1/guest/guest.vmx" \e
\&     \-o local \-os /var/tmp
.Ve
.PP
Virt\-v2v processes the vmx file and uses it to find the location of any vmdk
disks.
.SH "INPUT FROM VDDK"
.IX Header "INPUT FROM VDDK"
Virt\-v2v is able to import guests using VMware’s proprietary \s-1VDDK\s0 library
(a.k.a. VixDiskLib).
.SS "\s-1VDDK:\s0 Prerequisites"
.IX Subsection "VDDK: Prerequisites"
.IP "1." 4
As the \s-1VDDK\s0 library is not open source, and the license of this library does
not permit redistribution or commercial use, you must obtain \s-1VDDK\s0 yourself
and satisfy yourself that your usage of the library is permitted by the
license.
.IP "2." 4
You must also compile nbdkit, enabling the \s-1VDDK\s0 plugin. nbdkit ≥ 1.1.25 is
recommended, but it is usually best to compile from the git tree.
.RS 4
.IP "\(bu" 4
https://github.com/libguestfs/nbdkit
.IP "\(bu" 4
https://github.com/libguestfs/nbdkit/tree/master/plugins/vddk
.RE
.RS 4
.Sp
Compile nbdkit as described in the sources (see link above).
.Sp
You do \fBnot\fR need to run \f(CW\*(C`make install\*(C'\fR because you can run nbdkit from its
source directory. The source directory has a shell script called
\&\fInbdkit\fR which runs the locally built copy of nbdkit and its plugins. So
set \f(CW$PATH\fR to point to the nbdkit top build directory (that is, the
directory containing the shell script called \fInbdkit\fR), eg:
.Sp
.Vb 1
\& export PATH=/path/to/nbdkit\-1.1.x:$PATH
.Ve
.RE
.IP "3." 4
You must find the \s-1SSL\s0 \*(L"thumbprint\*(R" of your VMware server. How to do this is
explained in \fBnbdkit\-vddk\-plugin\fR\|(1), also available at the link above.
.IP "4." 4
\&\s-1VDDK\s0 imports require a feature added in libvirt ≥ 3.7.
.SS "\s-1VDDK:\s0 ESXi \s-1NFC\s0 service memory limits"
.IX Subsection "VDDK: ESXi NFC service memory limits"
In the verbose log you may see errors like:
.PP
.Vb 3
\& nbdkit: vddk[3]: error: [NFC ERROR] NfcFssrvrProcessErrorMsg:
\& received NFC error 5 from server: Failed to allocate the
\& requested 2097176 bytes
.Ve
.PP
This seems especially common when there are multiple parallel connections
open to the VMware server.
.PP
These can be caused by resource limits set on the VMware server. You can
increase the limit for the \s-1NFC\s0 service by editing
\&\fI/etc/vmware/hostd/config.xml\fR and adjusting the \f(CW\*(C`\*(C'\fR setting:
.PP
.Vb 6
\&
\& libnfcsvc.so
\& true
\& 50331648
\& 10485760
\&
.Ve
.PP
and restarting the \f(CW\*(C`hostd\*(C'\fR service:
.PP
.Vb 1
\& # /etc/init.d/hostd restart
.Ve
.PP
For more information see https://bugzilla.redhat.com/1614276.
.SS "\s-1VDDK: URI\s0"
.IX Subsection "VDDK: URI"
Construct the correct \f(CW\*(C`vpx://\*(C'\fR (for vCenter) or \f(CW\*(C`esx://\*(C'\fR (for ESXi) \s-1URL.\s0 It
will look something like these:
.PP
.Vb 1
\& vpx://root@vcenter.example.com/Datacenter/esxi
\&
\& esx://root@esxi.example.com
.Ve
.PP
To verify that you have the correct \s-1URL,\s0 use the \fBvirsh\fR\|(1) command to list
the guests on the server:
.PP
.Vb 2
\& $ virsh \-c \*(Aqvpx://root@vcenter.example.com/Datacenter/esxi\*(Aq list \-\-all
\& Enter root\*(Aqs password for vcenter.example.com: ***
\&
\&  Id    Name                           State
\& \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
\&  \-     Fedora 20                      shut off
\&  \-     Windows 2003                   shut off
.Ve
.PP
If you get an error \*(L"Peer certificate cannot be authenticated with given \s-1CA\s0
certificates\*(R" or similar, then you can either import the vCenter host’s
certificate, or bypass signature verification by adding the \f(CW\*(C`?no_verify=1\*(C'\fR
flag:
.PP
.Vb 1
\& $ virsh \-c \*(Aqvpx://root@vcenter.example.com/Datacenter/esxi?no_verify=1\*(Aq list \-\-all
.Ve
.PP
You should also try dumping the metadata from any guest on your server, like
this:
.PP
.Vb 6
\& $ virsh \-c \*(Aqvpx://root@vcenter.example.com/Datacenter/esxi\*(Aq dumpxml "Windows 2003"
\&
\& Windows 2003
\& [...]
\& vm\-123
\&
.Ve
.PP
If \f(CW\*(C`\*(C'\fR does not appear in the metadata, then you need to upgrade libvirt.
.PP
\&\fBIf the above commands do not work, then virt\-v2v is not going to work
either\fR. Fix your \s-1URI\s0 and/or your VMware server before continuing.
.SS "\s-1VDDK:\s0 Importing a guest"
.IX Subsection "VDDK: Importing a guest"
The \fI\-it vddk\fR parameter selects \s-1VDDK\s0 as the input transport for disks.
.PP
To import a particular guest from vCenter server or ESXi hypervisor, use a
command like the following, substituting the \s-1URI,\s0 guest name and \s-1SSL\s0
thumbprint:
.PP
.Vb 8
\& $ export PATH=/path/to/nbdkit\-1.1.x:$PATH
\& $ virt\-v2v \e
\&     \-ic \*(Aqvpx://root@vcenter.example.com/Datacenter/esxi?no_verify=1\*(Aq \e
\&     \-it vddk \e
\&     \-io vddk\-libdir=/path/to/vmware\-vix\-disklib\-distrib \e
\&     \-io vddk\-thumbprint=xx:xx:xx:... \e
\&     "Windows 2003" \e
\&     \-o local \-os /var/tmp
.Ve
.PP
Other options that you might need to add in rare circumstances include \fI\-io
vddk-config\fR, \fI\-io vddk-cookie\fR, \fI\-io vddk-nfchostport\fR, \fI\-io vddk-port\fR,
\&\fI\-io vddk-snapshot\fR, and \fI\-io vddk-transports\fR, which are all explained in
the \fBnbdkit\-vddk\-plugin\fR\|(1) documentation. Do not use these options unless
you know what you are doing.
.SS "\s-1VDDK:\s0 Debugging \s-1VDDK\s0 failures"
.IX Subsection "VDDK: Debugging VDDK failures"
The \s-1VDDK\s0 library can be operated in a verbose mode where it gives (very)
verbose messages. Use ‘virt\-v2v \-v \-x’ as usual to enable verbose messages.
.SH "INPUT FROM VMWARE OVA"
.IX Header "INPUT FROM VMWARE OVA"
Virt\-v2v is able to import guests from VMware’s \s-1OVA\s0 (Open Virtualization
Appliance) files. Only OVAs exported from VMware vSphere will work.
.SS "\s-1OVA:\s0 Remove VMware tools from Windows guests"
.IX Subsection "OVA: Remove VMware tools from Windows guests"
For Windows guests, you should remove VMware tools before conversion.
Although this is not strictly necessary, and the guest will still be able to
run, if you don't do this then the converted guest will complain on every
boot. The tools cannot be removed after conversion because the uninstaller
checks if it is running on VMware and refuses to start (which is also the
reason that virt\-v2v cannot remove them).
.PP
This is not necessary for Linux guests, as virt\-v2v is able to remove VMware
tools.
.SS "\s-1OVA:\s0 Create \s-1OVA\s0"
.IX Subsection "OVA: Create OVA"
To create an \s-1OVA\s0 in vSphere, use the \*(L"Export \s-1OVF\s0 Template\*(R" option (from the
\&\s-1VM\s0 context menu, or from the File menu). Either \*(L"Folder of files\*(R" (\s-1OVF\s0) or
\&\*(L"Single file\*(R" (\s-1OVA\s0) will work, but \s-1OVA\s0 is probably easier to deal with. \s-1OVA\s0
files are really just uncompressed tar files, so you can use commands like
\&\f(CW\*(C`tar tf VM.ova\*(C'\fR to view their contents.
.PP
\fICreate \s-1OVA\s0 with ovftool\fR
.IX Subsection "Create OVA with ovftool"
.PP
You can also use VMware’s proprietary \f(CW\*(C`ovftool\*(C'\fR:
.PP
.Vb 3
\& ovftool \-\-noSSLVerify \e
\&   vi://USER:PASSWORD@esxi.example.com/VM \e
\&   VM.ova
.Ve
.PP
To connect to vCenter:
.PP
.Vb 3
\& ovftool \-\-noSSLVerify \e
\&   vi://USER:PASSWORD@vcenter.example.com/DATACENTER\-NAME/vm/VM \e
\&   VM.ova
.Ve
.PP
For Active Directory-aware authentication, you have to express the \f(CW\*(C`\e\*(C'\fR
character in the form of its \s-1ASCII\s0 hex-code (\f(CW%5c\fR):
.PP
.Vb 1
\& vi://DOMAIN%5cUSER:PASSWORD@...
.Ve
.SS "\s-1OVA:\s0 Importing a guest"
.IX Subsection "OVA: Importing a guest"
To import an \s-1OVA\s0 file called \fI\s-1VM\s0.ova\fR, do:
.PP
.Vb 1
\& $ virt\-v2v \-i ova VM.ova \-o local \-os /var/tmp
.Ve
.PP
If you exported the guest as a \*(L"Folder of files\*(R", \fIor\fR if you unpacked the
\&\s-1OVA\s0 tarball yourself, then you can point virt\-v2v at the directory
containing the files:
.PP
.Vb 1
\& $ virt\-v2v \-i ova /path/to/files \-o local \-os /var/tmp
.Ve
.SH "INPUT FROM VMWARE VCENTER SERVER"
.IX Header "INPUT FROM VMWARE VCENTER SERVER"
Virt\-v2v is able to import guests from VMware vCenter Server.
.PP
vCenter ≥ 5.0 is required. If you don’t have vCenter, using \s-1OVA\s0 or \s-1VMX\s0 is
recommended instead (see \*(L"\s-1INPUT FROM VMWARE OVA\*(R"\s0 and/or
\&\*(L"\s-1INPUT FROM VMWARE VMX\*(R"\s0).
.PP
Virt\-v2v uses libvirt for access to vCenter, and therefore the input mode
should be \fI\-i libvirt\fR. As this is the default, you don't need to specify
it on the command line.
.SS "vCenter: Remove VMware tools from Windows guests"
.IX Subsection "vCenter: Remove VMware tools from Windows guests"
For Windows guests, you should remove VMware tools before conversion.
Although this is not strictly necessary, and the guest will still be able to
run, if you don't do this then the converted guest will complain on every
boot. The tools cannot be removed after conversion because the uninstaller
checks if it is running on VMware and refuses to start (which is also the
reason that virt\-v2v cannot remove them).
.PP
This is not necessary for Linux guests, as virt\-v2v is able to remove VMware
tools.
.SS "vCenter: \s-1URI\s0"
.IX Subsection "vCenter: URI"
The libvirt \s-1URI\s0 of a vCenter server looks something like this:
.PP
.Vb 1
\& vpx://user@server/Datacenter/esxi
.Ve
.PP
where:
.ie n .IP """user@""" 4
.el .IP "\f(CWuser@\fR" 4
.IX Item "user@"
is the (optional, but recommended) user to connect as.
.Sp
If the username contains a backslash (eg. \f(CW\*(C`DOMAIN\eUSER\*(C'\fR) then you will
need to URI-escape that character using \f(CW%5c\fR: \f(CW\*(C`DOMAIN%5cUSER\*(C'\fR (5c is the
hexadecimal \s-1ASCII\s0 code for backslash.) Other punctuation may also have to be
escaped.
.ie n .IP """server""" 4
.el .IP "\f(CWserver\fR" 4
.IX Item "server"
is the vCenter Server (\fInot\fR hypervisor).
.ie n .IP """Datacenter""" 4
.el .IP "\f(CWDatacenter\fR" 4
.IX Item "Datacenter"
is the name of the datacenter.
.Sp
If the name contains a space, replace it with the URI-escape code \f(CW%20\fR.
.ie n .IP """esxi""" 4
.el .IP "\f(CWesxi\fR" 4
.IX Item "esxi"
is the name of the ESXi hypervisor running the guest.
.PP
If the VMware deployment is using folders, then these may need to be added
to the \s-1URI,\s0 eg:
.PP
.Vb 1
\& vpx://user@server/Folder/Datacenter/esxi
.Ve
.PP
For full details of libvirt URIs, see: http://libvirt.org/drvesx.html
.PP
Typical errors from libvirt / virsh when the \s-1URI\s0 is wrong include:
.IP "\(bu" 4
Could not find datacenter specified in [...]
.IP "\(bu" 4
Could not find compute resource specified in [...]
.IP "\(bu" 4
Path [...] does not specify a compute resource
.IP "\(bu" 4
Path [...] does not specify a host system
.IP "\(bu" 4
Could not find host system specified in [...]
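.PP
The URI escaping rules above, together with the no_verify and host name notes elsewhere on this page, as an added example (not code from virt\-v2v or libvirt): a Python helper that builds a vpx:// URI with user, folder and datacenter names percent-escaped, and audits an existing URI. The function names and finding codes are assumptions made for this example.

```python
"""Build and audit libvirt vpx:// URIs for virt-v2v.

Added example; function names and finding codes are hypothetical.
"""
import ipaddress
from urllib.parse import parse_qs, quote, urlsplit


def build_vpx_uri(server, datacenter, esxi, user=None, folders=(), port=None):
    """Return vpx://[user@]server[:port]/[Folder/...]Datacenter/esxi."""
    # safe="" escapes every reserved character, so a backslash becomes %5C
    # and a space becomes %20. Hex digits in escapes are case-insensitive,
    # so %5C is the same escape as the %5c used in the text.
    authority = server if port is None else f"{server}:{port}"
    if user:
        authority = f"{quote(user, safe='')}@{authority}"
    parts = [*folders, datacenter, esxi]
    return f"vpx://{authority}/" + "/".join(quote(p, safe="") for p in parts)


def audit_uri(uri):
    """Return (code, message) findings for a vpx:// or esx:// URI."""
    findings = []
    if " " in uri or "\\" in uri:
        findings.append(("unescaped",
                         "escape spaces as %20 and backslashes as %5c"))
    split = urlsplit(uri)
    if split.scheme not in ("vpx", "esx"):
        findings.append(("scheme",
                         "expected vpx:// (vCenter) or esx:// (ESXi)"))
    if not split.username:
        findings.append(("no-user", "user@ is optional, but recommended"))
    try:
        ipaddress.ip_address(split.hostname or "")
        findings.append(("ip-host",
                         "use the fully-qualified DNS name; an IP address "
                         "can fail certificate name matching"))
    except ValueError:
        pass  # not an IP literal, so it is treated as a host name
    if parse_qs(split.query).get("no_verify") == ["1"]:
        findings.append(("no-verify",
                         "certificate verification is bypassed; the "
                         "alternative is importing the vCenter certificate"))
    return findings


def audit_codes(uri):
    """Convenience wrapper: only the finding codes, in check order."""
    return [code for code, _ in audit_uri(uri)]


if __name__ == "__main__":
    # Constructed sample values, following the host names used on this page.
    good = build_vpx_uri("vcenter.example.com", "My Datacenter", "esxi",
                         user="DOMAIN\\USER", folders=["Folder"])
    print(good)
    for sample in (good,
                   "vpx://root@11.22.33.44/Datacenter/esxi?no_verify=1",
                   "vpx://vcenter.example.com/My Datacenter/esxi"):
        print(sample, "->", audit_codes(sample) or "ok")
```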
.SS "vCenter: Test libvirt connection to vCenter"
.IX Subsection "vCenter: Test libvirt connection to vCenter"
Use the \fBvirsh\fR\|(1) command to list the guests on the vCenter Server like
this:
.PP
.Vb 2
\& $ virsh \-c \*(Aqvpx://root@vcenter.example.com/Datacenter/esxi\*(Aq list \-\-all
\& Enter root\*(Aqs password for vcenter.example.com: ***
\&
\&  Id    Name                           State
\& \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
\&  \-     Fedora 20                      shut off
\&  \-     Windows 2003                   shut off
.Ve
.PP
If you get an error \*(L"Peer certificate cannot be authenticated with given \s-1CA\s0
certificates\*(R" or similar, then you can either import the vCenter host’s
certificate, or bypass signature verification by adding the \f(CW\*(C`?no_verify=1\*(C'\fR
flag:
.PP
.Vb 1
\& $ virsh \-c \*(Aqvpx://root@vcenter.example.com/Datacenter/esxi?no_verify=1\*(Aq list \-\-all
.Ve
.PP
You should also try dumping the metadata from any guest on your server, like
this:
.PP
.Vb 5
\& $ virsh \-c \*(Aqvpx://root@vcenter.example.com/Datacenter/esxi\*(Aq dumpxml "Windows 2003"
\&
\& Windows 2003
\& [...]
\&
.Ve
.PP
\&\fBIf the above commands do not work, then virt\-v2v is not going to work
either\fR. Fix your libvirt configuration and/or your VMware vCenter Server
before continuing.
.SS "vCenter: Importing a guest"
.IX Subsection "vCenter: Importing a guest"
To import a particular guest from vCenter Server, do:
.PP
.Vb 3
\& $ virt\-v2v \-ic \*(Aqvpx://root@vcenter.example.com/Datacenter/esxi?no_verify=1\*(Aq \e
\&   "Windows 2003" \e
\&   \-o local \-os /var/tmp
.Ve
.PP
where \f(CW\*(C`Windows 2003\*(C'\fR is the name of the guest (which must be shut down).
.PP
Note that you may be asked for the vCenter password \fItwice\fR. This happens
once because libvirt needs it, and a second time because virt\-v2v itself
connects directly to the server. Use \fI\-ip\fR \fIfilename\fR to supply a password
via a file.
.PP
In this case the output flags are set to write the converted guest to a
temporary directory as this is just an example, but you can also write to
libvirt or any other supported target.
.SS "vCenter: Non-administrator role"
.IX Subsection "vCenter: Non-administrator role"
Instead of using the vCenter Administrator role, you can create a custom
non-administrator role to perform the conversion. You will however need to
give it a minimum set of permissions as follows (using VMware vCenter 6.5):
.IP "1." 4
Create a custom role in vCenter.
.IP "2." 4
Enable (check) the following objects:
.Sp
.Vb 3
\& Datastore:
\&  \- Browse datastore
\&  \- Low level file operations
\&
\& Sessions:
\&  \- Validate session
\&
\& Virtual Machine:
\&   Interaction:
\&     \- Guest operating system management by VIX API
\&   Provisioning:
\&     \- Allow disk access
\&     \- Allow read\-only disk access
.Ve
.SS "vCenter: Firewall and proxy settings"
.IX Subsection "vCenter: Firewall and proxy settings"
\fIvCenter: Ports\fR
.IX Subsection "vCenter: Ports"
.PP
If there is a firewall between the virt\-v2v conversion server and the
vCenter server, then you will need to open port 443 (https) and port 5480.
.PP
Port 443 is used to copy the guest disk image(s). Port 5480 is used to
query vCenter for guest metadata.
.PP
These port numbers are only the defaults. It is possible to reconfigure
vCenter to use other port numbers. In that case you would need to specify
those ports in the \f(CW\*(C`vpx://\*(C'\fR \s-1URI.\s0 See \*(L"vCenter: \s-1URI\*(R"\s0 above.
.PP
These ports only apply to virt\-v2v conversions. You may have to open other
ports for other vCenter functionality, for example the web user interface.
VMware documents the required ports for vCenter in their online
documentation.
.PP
.Vb 6
\& ┌────────────┐  port 443  ┌────────────┐        ┌────────────┐
\& │ virt\-v2v   │────────────▶ vCenter    │────────▶ ESXi       │
\& │ conversion │────────────▶ server     │        │ hypervisor │
\& │ server     │  port 5480 │            │        │   ┌─────┐  │
\& └────────────┘            └────────────┘        │   │guest│  │
\&                                                └───┴─────┴──┘
.Ve
.PP
(In the diagram above the arrows show the direction in which the \s-1TCP\s0
connection is initiated, \fInot\fR necessarily the direction of data transfer.)
.PP
Virt\-v2v itself does not connect directly to the ESXi hypervisor containing
the guest. However vCenter connects to the hypervisor and forwards the
information, so if you have a firewall between vCenter and its hypervisors
you may need to open additional ports (consult VMware documentation).
.PP
The proxy environment variables (\f(CW\*(C`https_proxy\*(C'\fR, \f(CW\*(C`all_proxy\*(C'\fR, \f(CW\*(C`no_proxy\*(C'\fR,
\&\f(CW\*(C`HTTPS_PROXY\*(C'\fR, \f(CW\*(C`ALL_PROXY\*(C'\fR and \f(CW\*(C`NO_PROXY\*(C'\fR) are \fBignored\fR when doing vCenter
conversions.
.SS "vCenter: \s-1SSL/TLS\s0 certificate problems"
.IX Subsection "vCenter: SSL/TLS certificate problems"
You may see this error:
.PP
.Vb 2
\& CURL: Error opening file: SSL: no alternative certificate subject
\& name matches target host name
.Ve
.PP
(You may need to enable debugging with ‘virt\-v2v \-v \-x’ to see this message).
.PP
This can be caused by using an \s-1IP\s0 address instead of the fully-qualified \s-1DNS\s0
domain name of the vCenter server, ie. use \f(CW\*(C`vpx://vcenter.example.com/...\*(C'\fR
instead of \f(CW\*(C`vpx://11.22.33.44/...\*(C'\fR
.PP
Another certificate problem can be caused by the vCenter server having a
mismatching \s-1FQDN\s0 and \s-1IP\s0 address, for example if the server acquired a new \s-1IP\s0
address from \s-1DHCP.\s0 To fix this you need to change your \s-1DHCP\s0 server or
network configuration so that the vCenter server always gets a stable \s-1IP\s0
address.
After that log in to the vCenter server’s admin console at
\&\f(CW\*(C`https://vcenter:5480/\*(C'\fR. Under the \f(CW\*(C`Admin\*(C'\fR tab, select
\&\f(CW\*(C`Certificate regeneration enabled\*(C'\fR and then reboot it.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBvirt\-v2v\fR\|(1).
.SH "AUTHOR"
.IX Header "AUTHOR"
Richard W.M. Jones
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright (C) 2009\-2019 Red Hat Inc.
.SH "LICENSE"
.IX Header "LICENSE"
.SH "BUGS"
.IX Header "BUGS"
To get a list of bugs against libguestfs, use this link:
https://bugzilla.redhat.com/buglist.cgi?component=libguestfs&product=Virtualization+Tools
.PP
To report a new bug against libguestfs, use this link:
https://bugzilla.redhat.com/enter_bug.cgi?component=libguestfs&product=Virtualization+Tools
.PP
When reporting a bug, please supply:
.IP "\(bu" 4
The version of libguestfs.
.IP "\(bu" 4
Where you got libguestfs (eg. which Linux distro, compiled from source, etc)
.IP "\(bu" 4
Describe the bug accurately and give a way to reproduce it.
.IP "\(bu" 4
Run \fBlibguestfs\-test\-tool\fR\|(1) and paste the \fBcomplete, unedited\fR
output into the bug report.