Bug 1393747

Summary: RFE: Libguestfs should support LUKS partition in guest image
Product: [Community] Virtualization Tools Reporter: Xianghua Chen <xchen>
Component: libguestfsAssignee: Richard W.M. Jones <rjones>
Status: NEW --- QA Contact: YongkuiGuo <yoguo>
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: linl, ptoscano, wshi, xchen
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
log.luks none

Description Xianghua Chen 2016-11-10 09:09:49 UTC 
Created attachment 1219251 [details]
log.luks

Description of problem:
RFE: Libguestfs should support LUKS partition in guest image

Version-Release number of selected component (if applicable):
libguestfs-1.32.7-3.el7.x86_64

How reproducible:
100%

Steps:
1. Create 7.2 guest with LUKS encryption.
Install a RHEL7.2 guest image (retain some space at the partition step),then boot it and create partition with LUKS:
# fdisk /dev/vda
--> create a new partition /dev/vda3 for testing
# cryptsetup luksFormat /dev/vda3
# cryptsetup luksOpen  /dev/vda3 my_test
# mkfs.ext4 /dev/mapper/my_test
# mkdir /mnt/my_test
# mount /dev/mapper/my_test /mnt/my_test

Configure this LUKS partition to automatically mounted at boot:
# touch /root/.my_test
# cryptsetup luksAddKey /dev/vda3 /mnt/.my_test
# vim /etc/crypttab
my_test  /dev/vda3  /root/.my_test
# vim /etc/fstab
/dev/mapper/my_test  /mnt/my_test  ext4  defaults 0 0
# init 0

2.
# guestfish -a rhel7.2-LUKS.qcow2 -i
-------------------------------------------------------------------------------
Enter key or passphrase ("/dev/sda3"):
libguestfs: error: vfs_type: vfs_type_stub: /dev/mapper/my_test: No such file or directory
libguestfs: error: mount: mount_stub: /dev/mapper/my_test: No such file or directory
guestfish: some filesystems could not be mounted (ignored)

Welcome to guestfish, the guest filesystem shell for
editing virtual machine filesystems and disk images.

Type: 'help' for help on commands
      'man' to read the manual
      'quit' to quit the shell

Operating system: Red Hat Enterprise Linux Server 7.2 (Maipo)
/dev/rhel/root mounted on /
/dev/sda1 mounted on /boot
libguestfs: error: lvm_canonical_lv_name: lvm_canonical_lv_name_stub: /dev/mapper/my_test: No such file or directory
/dev/mapper/my_test mounted on /mnt/my_test

><fs> ls /etc/mapper/my_test
libguestfs: error: ls0: opendir: /etc/mapper/my_test: No such file or directory
--------------------------------------------------------------------------------


Please refer to attachment for detailed log of: # guestfish -a rhel7.2-LUKS.qcow2 -i -v -x exit


Actual results:
Can't mount the LUKS partition.

Expected results:
Should mount the LUKS partition successfully.


Additional info:
Comment 1 Richard W.M. Jones 2016-11-10 09:53:43 UTC 
When it asked for the passphrase:

> Enter key or passphrase ("/dev/sda3"):

did you enter the right passphrase there?
Comment 2 Pino Toscano 2016-11-10 10:30:40 UTC 
The problem is that, when opening the LUKS partition, a "random" mapname is generated for them, so later then when trying to resolve the mount points in fstab the mapping specified is not found (and thus the errors about /dev/mapper/my_test above, for example).

Ideally, we need to parse crypttab to get the proper mapname -- luckly augeas seems to support it already.
Comment 3 Xianghua Chen 2016-11-11 05:30:32 UTC 
(In reply to Richard W.M. Jones from comment #1)
> When it asked for the passphrase:
> 
> > Enter key or passphrase ("/dev/sda3"):
> 
> did you enter the right passphrase there?

Yes,the passwd is right. 
And thanks for Pino's explanation.
Comment 4 Richard W.M. Jones 2020-03-03 09:10:19 UTC 
I wonder if we still need this bug.  Virt-v2v has supported LUKS for
a while.  We also have:
https://bugzilla.redhat.com/show_bug.cgi?id=1809453
"[RFE] Add support for LUKS encrypted disks with Clevis & Tang"
Comment 5 Pino Toscano 2020-03-03 10:02:35 UTC 
(In reply to Richard W.M. Jones from comment #4)
> I wonder if we still need this bug.  Virt-v2v has supported LUKS for
> a while.

Yes, we do need this bug, as the situation described in the bug (LUKS partitions with mapping described in /etc/crypttab) is not supported by libguestfs yet.

> We also have:
> https://bugzilla.redhat.com/show_bug.cgi?id=1809453
> "[RFE] Add support for LUKS encrypted disks with Clevis & Tang"

This is something completely different, and unrelated, from this bug.