Bug 1602353
| Summary: | virt-inspector can't inspect LUKS-encrypted RHEL7 guest image | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Xianghua Chen <xchen> | ||||
| Component: | libguestfs | Assignee: | Richard W.M. Jones <rjones> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 7.6 | CC: | ptoscano | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | libguestfs-1.38.2-10.el7 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2018-10-30 07:47:00 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Interesting that the LUKS command to open the encrypted partition doesn't fail, yet the subsequent vgscan returns nothing. I wonder a few things: (1) Kernel prints an odd message which might be relevant: [ 25.558293] alg: No test for fips(ansi_cprng) (fips_ansi_cprng) (2) I discovered recently that the commands to rescan PVs have changed. Also maybe our use of lvmetad changed things too. See: https://github.com/libguestfs/libguestfs/commit/dd162d2cd56a2ecf4bcd40a7f463940eaac875b8 But I agree this is clearly a regression. Also we don't have a regression test upstream for this but clearly we should do. Patch series posted: https://www.redhat.com/archives/libguestfs/2018-July/msg00039.html Fixed upstream with https://github.com/libguestfs/libguestfs/commit/83fb657bec7f4de8392cd28d29185afdd46ae9bb https://github.com/libguestfs/libguestfs/commit/16e64b8988a7768aa78ff200ca46878b151dbd1f https://github.com/libguestfs/libguestfs/commit/55dfcb2211a6af949d46f8c05adab01e35ae283c https://github.com/libguestfs/libguestfs/commit/ec2228ea05c0f482bc00df63586e8be36b591bfb Only the first commit is strictly needed, the others are tests & a new API. Verified with package:
libguestfs-1.38.2-10.el7.x86_64
Steps:
1.Prepare a LUKS-encrypted RHEL7 guest image:
rhel7.6-LUKS.qcow2
2.
# echo REDHAT | virt-inspector -a rhel7.6-LUKS.qcow2 --keys-from-stdin
<?xml version="1.0"?>
<operatingsystems>
<operatingsystem>
<root>/dev/rhel/root</root>
<name>linux</name>
<arch>x86_64</arch>
<distro>rhel</distro>
<product_name>Red Hat Enterprise Linux Server 7.6 Beta (Maipo)</product_name>
<major_version>7</major_version>
<minor_version>6</minor_version>
<package_format>rpm</package_format>
<package_management>yum</package_management>
<hostname>localhost.localdomain</hostname>
<osinfo>rhel7.6</osinfo>
<mountpoints>
<mountpoint dev="/dev/rhel/root">/</mountpoint>
<mountpoint dev="/dev/sda1">/boot</mountpoint>
</mountpoints>
<filesystems>
... ...
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2018:3021 |
Created attachment 1459677 [details] log.virt-inspector.rhel7-luks Description of problem: virt-inspector can't inspect LUKS-encrypted RHEL7 guest image Version-Release number of selected component (if applicable): libguestfs-1.38.2-7.el7.x86_64 How reproducible: 100% Steps: 1.Prepare a LUKS-encrypted RHEL7 guest image: rhel7.6-LUKS.qcow2 2. $ echo REDHAT | virt-inspector -a rhel7.6-LUKS.qcow2 --keys-from-stdin <?xml version="1.0"?> <operatingsystems/> Please check the -v -x log in attachment. Actual results: Failed to inspect luks image. Expected results: Can inspect luks image successfully. Additional info: virt-tail, virt-get-kernel... with luks image also failed. on rhel8, it's ok.