SSH authentication¶

You can use SSH password authentication, by supplying the name of a file containing the password to the -ip option (note this option does not take the password directly). You may need to adjust /etc/ssh/sshd_config on the Xen server to set "PasswordAuthentication yes".

If you are not using password authentication, an alternative is to use ssh-agent, and add your ssh public key to /root/.ssh/authorized_keys (on the Xen host). After doing this, you should check that passwordless access works from the virt-v2v server to the Xen host. For example:

 $ ssh root@xen.example.com
 [ logs straight into the shell, no password is requested ]

Note that support for non-interactive authentication via the -ip option is incomplete. Some operations remain that still require the user to enter the password manually. Therefore ssh-agent is recommended over the -ip option. See https://bugzilla.redhat.com/1854275.

With some modern ssh implementations, legacy crypto algorithms required to interoperate with RHEL 5 sshd are disabled. To enable them, you may need to add the following "Host" stanza to your ~/.ssh/config:

 Host xen.example.com
   KexAlgorithms            +diffie-hellman-group14-sha1
   MACs                     +hmac-sha1
   HostKeyAlgorithms        +ssh-rsa
   PubkeyAcceptedKeyTypes   +ssh-rsa
   PubkeyAcceptedAlgorithms +ssh-rsa

("PubkeyAcceptedKeyTypes" and "PubkeyAcceptedAlgorithms" have identical meaning; the former is the old option name, the latter is the new one. Virt-v2v uses both "libssh" and "ssh" when converting a guest from Xen, and on some operating systems, "libssh" and "ssh" may not both accept the same option variant.)

When connecting to RHEL 5 sshd from RHEL 9, the SHA1 algorithm's use in signatures has to be re-enabled at the OpenSSL level, in addition to the above SSH configuration. Create a file called $HOME/openssl-sha1.cnf with the following contents:

 .include /etc/ssl/openssl.cnf
 [openssl_init]
 alg_section = evp_properties
 [evp_properties]
 rh-allow-sha1-signatures = yes

and export the following variable into the environment of the "virt-v2v" process:

 OPENSSL_CONF=$HOME/openssl-sha1.cnf

Note that the "OPENSSL_CONF" environment variable will only take effect if the libvirt client library used by virt-v2v is at least version 8.6.0.

Test libvirt connection to remote Xen host¶

Use the virsh(1) command to list the guests on the remote Xen host:

 $ virsh -c xen+ssh://root@xen.example.com list --all
  Id    Name                           State
 ----------------------------------------------------
  0     Domain-0                       running
  -     rhel49-x86_64-pv               shut off

You should also try dumping the metadata from any guest on your server, like this:

 $ virsh -c xen+ssh://root@xen.example.com dumpxml rhel49-x86_64-pv
 <domain type='xen'>
   <name>rhel49-x86_64-pv</name>
   [...]
 </domain>

If the above commands do not work, then virt-v2v is not going to work either. Fix your libvirt configuration or the remote server before continuing.

If the guest disks are located on a host block device, then the conversion will fail. See "Xen or ssh conversions from block devices" below for a workaround.

Importing a guest¶

To import a particular guest from a Xen server, do:

 $ virt-v2v -ic 'xen+ssh://root@xen.example.com' \
           rhel49-x86_64-pv \
           -o local -os /var/tmp

where "rhel49-x86_64-pv" is the name of the guest (which must be shut down).

In this case the output flags are set to write the converted guest to a temporary directory as this is just an example, but you can also write to libvirt or any other supported target.

Xen or ssh conversions from block devices¶

Currently virt-v2v cannot directly access a Xen guest (or any guest located remotely over ssh) if that guest’s disks are located on host block devices.

To tell if a Xen guest uses host block devices, look at the guest XML. You will see:

  <disk type='block' device='disk'>
    ...
    <source dev='/dev/VG/guest'/>

where "type='block'", "source dev=" and "/dev/..." are all indications that the disk is located on a host block device.

This happens because the qemu ssh block driver that we use to access remote disks uses the ssh sftp protocol, and this protocol cannot correctly detect the size of host block devices.

The workaround is to copy the block device from the remote Xen server to a regular local file, copy the libvirt guest XML, adjust the "disk" element to point to the local file, and use "-i libvirtxml" mode instead.