Bug 1222100

Summary: virt-viewer did not use virt-ssh-helper as relay
Product: [openSUSE] openSUSE Tumbleweed Reporter: Shung-Hsi Yu <shung-hsi.yu>
Component: Virtualization:ToolsAssignee: James Fehlig <jfehlig>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Minor    
Priority: P5 - None CC: carnold, jfehlig, shung-hsi.yu
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Shung-Hsi Yu 2024-03-28 02:55:30 UTC 
Connecting to a libvirtd server (10.1.0-2.1) with virt-viewer (11.0-5.2) failed with "SSH tunnel error output: sh: line 1: nc: command not found". But that is unexpected since virt-viewer should have used virt-ssh-helper since 6.9.0[1], which does not require nc/netcat-openbsd to be present on the libvirtd service.

See SR#1161600 for previous discussion.

1: https://build.opensuse.org/request/show/1161600#status-history-31815024
Comment 1 Shung-Hsi Yu 2024-03-28 03:01:23 UTC 
Looking around using "virtqemud" as keyword it seems like that's one of the modular daemons, where as I'm still using the monolithic daemon started by libvirtd.{service,socket}. Perhaps that's the reason?
Comment 2 Shung-Hsi Yu 2024-03-28 03:26:38 UTC 
Hmm the title of this issue might be wrong. Perhaps it should say virt-manager (4.1.0-17.1) instead. What I was using was virt-manager for opening the graphic console, I just thought it use virt-viewer underneath, but perhaps not so?

Switching to modular daemons[1] and using `virt-viewer -c ... $VM` directly I do not see the error message, however if I stick with virt-manager to connect to the graphical console, I would see the error "SSH tunnel error output: sh: line 1: nc: command not found".

1: https://libvirt.org/daemons.html#monolithic-vs-modular-daemons
Comment 3 Shung-Hsi Yu 2024-04-10 03:40:17 UTC 
Hi Jim, do you know whether it possible to use virt-*manager* to connect to remote libvirt server without having nc being installed?
Comment 4 James Fehlig 2024-04-10 20:13:40 UTC 
(In reply to Shung-Hsi Yu from comment #3)
> Hi Jim, do you know whether it possible to use virt-*manager* to connect to
> remote libvirt server without having nc being installed?

Sorry for the delay. Yes, it's possible to connect virt-manager to *libvirt* without nc. The fact that you can see and manage (start, stop, etc) your VMs in virt-manager tells us it can connect to libvirt just fine using libvirt's virt-ssh-helper.

But virt-manager uses ssh tunneling + nc for VNC and spice

https://github.com/virt-manager/virt-manager/blob/main/virtManager/details/sshtunnels.py#L208

In this case, virt-manager is connecting to the VNC or spice server running in the qemu process, with something like

ssh -l root 
virt82.devlab.pgu1.suse.com sh -c 'nc -q 2>&1 | grep "requires an argument" >/dev/null; if [ $? -eq 0 ]; then CMD="nc -q 0 127.0.0.1 5900"; else CMD="nc 127.0.0.1 5900"; fi; eval "$CMD";'

Honestly, I'm not sure where to add the netcat-openbsd dependency. libvirt doesn't need it. And the qemu VNC or spice components don't need it either. virt-manager is the one explicitly using /usr/bin/nc, but it's a client app and cant guarantee the binary exists on the remote host.
Comment 5 James Fehlig 2024-04-12 21:47:17 UTC 
We discussed this during one of our meetings and in the end decided libvirt is the best place to put the dependency. virt-manager will always need to connect to libvirt (using virt-ssh-helper) to get graphics configuration before launching virt-viewer, so placing the dependency in libvirt ensures /usr/bin/nc will there for virt-viewer's use.
Comment 6 James Fehlig 2024-04-12 21:56:20 UTC 
(In reply to Shung-Hsi Yu from comment #0)
> See SR#1161600 for previous discussion.
> 
> 1: https://build.opensuse.org/request/show/1161600#status-history-31815024

Heh, in the end your initial fix is the one we settled on. I don't particularly like it, but does seem to be the least evil hack. Sorry for the run around in getting this fixed :-).
Comment 7 OBSbugzilla Bot 2024-04-12 22:15:04 UTC 
This is an autogenerated message for OBS integration:
This bug (1222100) was mentioned in
https://build.opensuse.org/request/show/1167494 Factory / libvirt
Comment 8 Shung-Hsi Yu 2024-04-15 12:36:45 UTC 
(In reply to James Fehlig from comment #6)
> (In reply to Shung-Hsi Yu from comment #0)
> > See SR#1161600 for previous discussion.
> > 
> > 1: https://build.opensuse.org/request/show/1161600#status-history-31815024
> 
> Heh, in the end your initial fix is the one we settled on. I don't
> particularly like it, but does seem to be the least evil hack. Sorry for the
> run around in getting this fixed :-).

No problem, I got a lucky guess heh :)
Comment 9 Shung-Hsi Yu 2024-04-15 12:41:47 UTC 
For completeness (in case anyone also come across this), there's a feature request for virt-manager at virt-manager/virt-manager#439 "RFE: use virt-ssh-helper instead of nc, if available"[1]. If that is implemented the requirement on nc should go away.

1: https://github.com/virt-manager/virt-manager/issues/439
Comment 10 James Fehlig 2024-04-15 23:26:36 UTC 
(In reply to Shung-Hsi Yu from comment #9)
> For completeness (in case anyone also come across this), there's a feature
> request for virt-manager at virt-manager/virt-manager#439 "RFE: use
> virt-ssh-helper instead of nc, if available"[1]. If that is implemented the
> requirement on nc should go away.
> 
> 1: https://github.com/virt-manager/virt-manager/issues/439

Thanks for providing the link here. Currently virt-ssh-helper only supports relaying from ssh tunnel to the various virt daemon unix domain sockets. It will need enhanced to support relaying to network socket/ports before virt-manager can use it for tunneling VM graphical consoles.