Bug 1629916

Summary: [v2v] Migration of VM with Encrypted Disk Fails
Product: Red Hat CloudForms Management Engine Reporter: Kedar Kulkarni <kkulkarn>
Component: DocumentationAssignee: Avital Pinnick <apinnick>
Status: CLOSED CURRENTRELEASE QA Contact: Red Hat CloudForms Documentation <cloudforms-docs>
Severity: high Docs Contact: Red Hat CloudForms Documentation <cloudforms-docs>
Priority: low    
Version: 5.9.4CC: apinnick, bthurber, dmetzger, fdupont, hkataria, kdixon, kkulkarn, lavenel, mfeifer, mpovolny, obarenbo, ptoscano, rjones, smallamp
Target Milestone: GAFlags: kkulkarn: automate_bug+
Target Release: 5.10.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: v2v
Fixed In Version: Doc Type: Known Issue
Doc Text:
Cause: VMs with encrypted disks fail migration. Consequence: VM fails to migrate. Workaround (if any): De-encrypt VM disks prior to VM migration. Result: Post disk de-encryption successful VM migration.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-01-23 06:29:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: V2V Target Upstream Version:
Embargoed:
Attachments:
Description Flags
virt-v2v logs none

Description Kedar Kulkarni 2018-09-17 16:01:38 UTC 
Created attachment 1484095 [details]
virt-v2v logs

Description of problem:
Migration of VM with Encrypted Disk Fails- Tested with RHEL7 Server Minimal install LUKS Encrypted Disk.

Version-Release number of selected component (if applicable):
5.9.4.7

How reproducible:
100%

Steps to Reproduce:
1.Add VMware and RHV provider 
2.Configure Conversion host for migration
3.Create a VM which has LUKS Encryption on its disk
4.Create infra mapping and migration plan to migrate this VM


Actual results:
Migration Fails with Error :
libguestfs: trace: v2v: vfs_type = "crypto_LUKS"
getline: Inappropriate ioctl for device
libguestfs: trace: v2v: close

See attached Log file

Expected results:
Migration of Encrypted Disk VM should be supported or appropriate error should be displayed to user in CF. Probably block migration of such VM.

Additional info:
Comment 3 Richard W.M. Jones 2018-12-04 08:33:47 UTC 
virt-v2v is asking for an encryption passphrase to decrypt the
disk.  However as there is no console it gets an error when
reading it:

https://github.com/libguestfs/libguestfs/blob/b0c11adee755018208d946fd104fdfc9f0da8de3/common/options/keys.c#L77

You can pass keys to virt-v2v using the
virt-v2v --keys-from-stdin option, but it will require additional
support in the wrapper.
Comment 4 Pino Toscano 2018-12-04 08:55:13 UTC 
(In reply to Richard W.M. Jones from comment #3)
> You can pass keys to virt-v2v using the
> virt-v2v --keys-from-stdin option, but it will require additional
> support in the wrapper.

This is correct, however it is very inconvenient to use: you need to write to stdin the passphrases in the correct order of the LUKS volumes.

I introduced upstream a new --key command line parameter in all the tools (virt-v2v included) to help with this process:
https://github.com/libguestfs/libguestfs/commit/4b1e5b0c3f900b0f197885e85f8c917caff3c339
Maybe this needs a --machine-readable capability? (Also to help virt-p2v to use it.)