Bug 1602353
Summary: | virt-inspector can't inspect LUKS-encrypted RHEL7 guest image | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Xianghua Chen <xchen> | ||||
Component: | libguestfs | Assignee: | Richard W.M. Jones <rjones> | ||||
Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 7.6 | CC: | ptoscano | ||||
Target Milestone: | rc | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | libguestfs-1.38.2-10.el7 | Doc Type: | If docs needed, set a value | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2018-10-30 07:47:00 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Interesting that the LUKS command to open the encrypted partition doesn't fail, yet the subsequent vgscan returns nothing. I wonder a few things: (1) Kernel prints an odd message which might be relevant: [ 25.558293] alg: No test for fips(ansi_cprng) (fips_ansi_cprng) (2) I discovered recently that the commands to rescan PVs have changed. Also maybe our use of lvmetad changed things too. See: https://github.com/libguestfs/libguestfs/commit/dd162d2cd56a2ecf4bcd40a7f463940eaac875b8 But I agree this is clearly a regression. Also we don't have a regression test upstream for this but clearly we should do. Patch series posted: https://www.redhat.com/archives/libguestfs/2018-July/msg00039.html Fixed upstream with https://github.com/libguestfs/libguestfs/commit/83fb657bec7f4de8392cd28d29185afdd46ae9bb https://github.com/libguestfs/libguestfs/commit/16e64b8988a7768aa78ff200ca46878b151dbd1f https://github.com/libguestfs/libguestfs/commit/55dfcb2211a6af949d46f8c05adab01e35ae283c https://github.com/libguestfs/libguestfs/commit/ec2228ea05c0f482bc00df63586e8be36b591bfb Only the first commit is strictly needed, the others are tests & a new API. Verified with package: libguestfs-1.38.2-10.el7.x86_64 Steps: 1.Prepare a LUKS-encrypted RHEL7 guest image: rhel7.6-LUKS.qcow2 2. # echo REDHAT | virt-inspector -a rhel7.6-LUKS.qcow2 --keys-from-stdin <?xml version="1.0"?> <operatingsystems> <operatingsystem> <root>/dev/rhel/root</root> <name>linux</name> <arch>x86_64</arch> <distro>rhel</distro> <product_name>Red Hat Enterprise Linux Server 7.6 Beta (Maipo)</product_name> <major_version>7</major_version> <minor_version>6</minor_version> <package_format>rpm</package_format> <package_management>yum</package_management> <hostname>localhost.localdomain</hostname> <osinfo>rhel7.6</osinfo> <mountpoints> <mountpoint dev="/dev/rhel/root">/</mountpoint> <mountpoint dev="/dev/sda1">/boot</mountpoint> </mountpoints> <filesystems> ... ... Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2018:3021 |
Created attachment 1459677 [details] log.virt-inspector.rhel7-luks Description of problem: virt-inspector can't inspect LUKS-encrypted RHEL7 guest image Version-Release number of selected component (if applicable): libguestfs-1.38.2-7.el7.x86_64 How reproducible: 100% Steps: 1.Prepare a LUKS-encrypted RHEL7 guest image: rhel7.6-LUKS.qcow2 2. $ echo REDHAT | virt-inspector -a rhel7.6-LUKS.qcow2 --keys-from-stdin <?xml version="1.0"?> <operatingsystems/> Please check the -v -x log in attachment. Actual results: Failed to inspect luks image. Expected results: Can inspect luks image successfully. Additional info: virt-tail, virt-get-kernel... with luks image also failed. on rhel8, it's ok.