.\" Automatically generated by Podwrapper::Man 2.4.0 (Pod::Simple 3.43)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "virt-v2v-input-xen 1"
.TH virt-v2v-input-xen 1 "2024-01-09" "virt-v2v-2.4.0" "Virtualization Support"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
virt\-v2v\-input\-xen \- Using virt\-v2v to convert guests from Xen
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 3
\& virt\-v2v \-ic \*(Aqxen+ssh://root@xen.example.com\*(Aq
\& \-ip passwordfile
\& GUEST_NAME [\-o* options]
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
This page documents how to use \fBvirt\-v2v\fR\|(1) to convert guests from
\&\s-1RHEL 5\s0 Xen, or \s-1SLES\s0 and OpenSUSE Xen hosts.
.SH "INPUT FROM XEN"
.IX Header "INPUT FROM XEN"
.SS "\s-1SSH\s0 authentication"
.IX Subsection "SSH authentication"
You can use \s-1SSH\s0 password authentication, by supplying the name of a
file containing the password to the \fI\-ip\fR option (note this option
does \fInot\fR take the password directly). You may need to adjust
\&\fI/etc/ssh/sshd_config\fR on the Xen server to set
\&\f(CW\*(C`PasswordAuthentication yes\*(C'\fR.
.PP
If you are not using password authentication, an alternative is to use
ssh-agent, and add your ssh public key to
\&\fI/root/.ssh/authorized_keys\fR (on the Xen host). After doing this,
you should check that passwordless access works from the virt\-v2v
server to the Xen host. For example:
.PP
.Vb 2
\& $ ssh root@xen.example.com
\& [ logs straight into the shell, no password is requested ]
.Ve
.PP
Note that support for non-interactive authentication via the \fI\-ip\fR
option is incomplete. Some operations remain that still require the
user to enter the password manually. Therefore ssh-agent is recommended
over the \fI\-ip\fR option. See https://bugzilla.redhat.com/1854275.
.PP
With some modern ssh implementations, legacy crypto algorithms required
to interoperate with \s-1RHEL 5\s0 sshd are disabled. To enable them, you may
need to add the following \f(CW\*(C`Host\*(C'\fR stanza to your \fI~/.ssh/config\fR:
.PP
.Vb 6
\& Host xen.example.com
\& KexAlgorithms +diffie\-hellman\-group14\-sha1
\& MACs +hmac\-sha1
\& HostKeyAlgorithms +ssh\-rsa
\& PubkeyAcceptedKeyTypes +ssh\-rsa
\& PubkeyAcceptedAlgorithms +ssh\-rsa
.Ve
.PP
(\f(CW\*(C`PubkeyAcceptedKeyTypes\*(C'\fR and \f(CW\*(C`PubkeyAcceptedAlgorithms\*(C'\fR have
identical meaning; the former is the old option name, the latter is the
new one. Virt\-v2v uses both \f(CW\*(C`libssh\*(C'\fR and \f(CW\*(C`ssh\*(C'\fR when converting a guest
from Xen, and on some operating systems, \f(CW\*(C`libssh\*(C'\fR and \f(CW\*(C`ssh\*(C'\fR may not
both accept the same option variant.)
.PP
When connecting to \s-1RHEL 5\s0 sshd from \s-1RHEL 9,\s0 the \s-1SHA1\s0 algorithm's use in
signatures has to be re-enabled at the OpenSSL level, in addition to the
above \s-1SSH\s0 configuration. Create a file called \fI\f(CI$HOME\fI/openssl\-sha1.cnf\fR
with the following contents:
.PP
.Vb 5
\& .include /etc/ssl/openssl.cnf
\& [openssl_init]
\& alg_section = evp_properties
\& [evp_properties]
\& rh\-allow\-sha1\-signatures = yes
.Ve
.PP
and export the following variable into the environment of the
\&\f(CW\*(C`virt\-v2v\*(C'\fR process:
.PP
.Vb 1
\& OPENSSL_CONF=$HOME/openssl\-sha1.cnf
.Ve
.PP
Note that the \f(CW\*(C`OPENSSL_CONF\*(C'\fR environment variable will only take effect
if the libvirt client library used by virt\-v2v is at least version
8.6.0.
.SS "Test libvirt connection to remote Xen host"
.IX Subsection "Test libvirt connection to remote Xen host"
Use the \fBvirsh\fR\|(1) command to list the guests on the remote Xen host:
.PP
.Vb 5
\& $ virsh \-c xen+ssh://root@xen.example.com list \-\-all
\& Id Name State
\& \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
\& 0 Domain\-0 running
\& \- rhel49\-x86_64\-pv shut off
.Ve
.PP
You should also try dumping the metadata from any guest on your
server, like this:
.PP
.Vb 5
\& $ virsh \-c xen+ssh://root@xen.example.com dumpxml rhel49\-x86_64\-pv
\&
\& rhel49\-x86_64\-pv
\& [...]
\&
.Ve
.PP
\&\fBIf the above commands do not work, then virt\-v2v is not going to
work either\fR. Fix your libvirt configuration or the remote server
before continuing.
.PP
\&\fBIf the guest disks are located on a host block device\fR, then the
conversion will fail. See \*(L"Xen or ssh conversions from block devices\*(R"
below for a workaround.
.SS "Importing a guest"
.IX Subsection "Importing a guest"
To import a particular guest from a Xen server, do:
.PP
.Vb 3
\& $ virt\-v2v \-ic \*(Aqxen+ssh://root@xen.example.com\*(Aq \e
\& rhel49\-x86_64\-pv \e
\& \-o local \-os /var/tmp
.Ve
.PP
where \f(CW\*(C`rhel49\-x86_64\-pv\*(C'\fR is the name of the guest (which must be shut
down).
.PP
In this case the output flags are set to write the converted guest to
a temporary directory as this is just an example, but you can also
write to libvirt or any other supported target.
.SS "Xen or ssh conversions from block devices"
.IX Subsection "Xen or ssh conversions from block devices"
Currently virt\-v2v cannot directly access a Xen guest (or any guest
located remotely over ssh) if that guest’s disks are located on host
block devices.
.PP
To tell if a Xen guest uses host block devices, look at the guest \s-1XML.\s0
You will see:
.PP
.Vb 3
\&
\& ...
\&