Description of problem:
Need ability to run virt-sysprep on a guest with full-disk encryption.

After running virt-sysprep from (libguestfs-tools-c-1.20.11-14.el6.x86_64)
"
Running virt-sysprep:
Examining the guest ...
virt-sysprep: no operating systems were found in the guest image
"

Version-Release number of selected component (if applicable):
libguestfs-tools-c-1.20.11-14.el6.x86_64

How reproducible:
Every Time

Steps to Reproduce:
1. Create 7.2 guest with LUKS encryption
2. Run virt-sysprep on guest from host
3.

Actual results:
"
Running virt-sysprep:
Examining the guest ...
virt-sysprep: no operating systems were found in the guest image
"

Expected results:

Additional info:
None of the OCaml-based tools supports opening LUKS-encrypted partitions.
This has been implemented with commits
https://github.com/libguestfs/libguestfs/commit/0920b805fda02729d5204d2ab2cbfa192ba6570f
https://github.com/libguestfs/libguestfs/commit/5281e08802c47b3fd6a945d17d7d6ee3b428b896
https://github.com/libguestfs/libguestfs/commit/6b26a0cce4f1d6264bee88902b8931e39288c901
which are in libguestfs >= 1.35.6.
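A pre-flight check built on the version stated in this comment, as an added example that is not part of the bug report or of libguestfs: it reads `guestfish list-filesystems` output, picks out `crypto_LUKS` devices, and refuses to proceed when the installed libguestfs is older than 1.35.6. The function names and the sample listing are constructed for illustration, and the check assumes the distribution package carries no backport of the LUKS support.

```shell
#!/bin/sh
# Added example: pre-flight check before virt-sysprep on a possibly encrypted image.
MIN_LUKS_VERSION="1.35.6"   # upstream version named in the comment above

# Constructed sample of `guestfish list-filesystems` output ("device: type").
SAMPLE_LISTING='/dev/sda1: xfs
/dev/sda2: crypto_LUKS'

# nvr_version NVR: extract the upstream version from an RPM name-version-release.
nvr_version() {
    printf '%s\n' "$1" | sed -n 's/^[a-z-]*-\([0-9][0-9.]*\)-.*$/\1/p'
}

# version_ge A B: succeed when dotted version A >= B (numeric, field by field).
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# luks_devices: read a listing on stdin, print devices whose type is crypto_LUKS.
luks_devices() {
    awk -F': *' '$2 == "crypto_LUKS" { print $1 }'
}

# preflight NVR < listing: fail only when LUKS is present and libguestfs is too old.
preflight() {
    ver=$(nvr_version "$1")
    luks=$(luks_devices)
    [ -z "$luks" ] && { echo "no LUKS devices found; proceed"; return 0; }
    if version_ge "$ver" "$MIN_LUKS_VERSION"; then
        echo "LUKS on $luks; libguestfs $ver will ask for the key"
        return 0
    fi
    echo "LUKS on $luks; libguestfs $ver < $MIN_LUKS_VERSION cannot open it" >&2
    return 1
}

# Real use (assumes an RPM-based host):
#   guestfish --ro -a disk.qcow2 run : list-filesystems | preflight "$(rpm -q libguestfs)"
printf '%s\n' "$SAMPLE_LISTING" | preflight "libguestfs-1.36.3-1.el7.x86_64"
```
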
Hi Pino,
Do you know by saying "1.Create 7.2 guest with LUKS encryption", does he mean that: create a partition --> encrypt it --> configured to automatically start up at boot?

I tried that way but can't reproduce it, the version is:
libguestfs-1.32.7-3.el7.x86_64

Steps:
1. Create 7.2 guest with LUKS encryption.
Install a RHEL7.2 guest image (retain some space at the partition step), then boot it, create partition with LUKS:
# fdisk /dev/vda
--> create a new partition /dev/vda3 for testing
# cryptsetup luksFormat /dev/vda3
# cryptsetup luksOpen /dev/vda3 my_test
# mkfs.ext4 /dev/mapper/my_test
# mkdir /mnt/my_test
# mount /dev/mapper/my_test /mnt/my_test
Configure to automatically start up at boot:
# touch /root/.my_test
# cryptsetup luksAddKey /dev/vda3 /mnt/.my_test
# vim /etc/crypttab
my_test /dev/vda3 /root/.my_test
# vim /etc/fstab
/dev/mapper/my_test /mnt/my_test ext4 defaults 0 0
# init 0

2. # virt-sysprep -a rhel7.2-LUKS.qcow2
[ 0.0] Examining the guest ...
virt-sysprep: warning: mount_options: mount_options_stub: /dev/mapper/my_test: No such file or directory (ignored)
[ 6.5] Performing "abrt-data" ...
[ 6.5] Performing "bash-history" ...
[ 6.5] Performing "blkid-tab" ...
[ 6.5] Performing "crash-data" ...
[ 6.5] Performing "cron-spool" ...
[ 6.6] Performing "dhcp-client-state" ...
[ 6.6] Performing "dhcp-server-state" ...
[ 6.6] Performing "dovecot-data" ...
[ 6.6] Performing "logfiles" ...
[ 6.7] Performing "machine-id" ...
[ 6.7] Performing "mail-spool" ...
[ 6.7] Performing "net-hostname" ...
[ 6.8] Performing "net-hwaddr" ...
[ 6.8] Performing "pacct-log" ...
[ 6.8] Performing "package-manager-cache" ...
[ 6.8] Performing "pam-data" ...
[ 6.8] Performing "puppet-data-log" ...
[ 6.8] Performing "rh-subscription-manager" ...
[ 6.8] Performing "rhn-systemid" ...
[ 6.8] Performing "rpm-db" ...
[ 6.8] Performing "samba-db-log" ...
[ 6.9] Performing "script" ...
[ 6.9] Performing "smolt-uuid" ...
[ 6.9] Performing "ssh-hostkeys" ...
[ 6.9] Performing "ssh-userdir" ...
[ 6.9] Performing "sssd-db-log" ...
[ 6.9] Performing "tmp-files" ...
[ 6.9] Performing "udev-persistent-net" ...
[ 6.9] Performing "utmp" ...
[ 6.9] Performing "yum-uuid" ...
[ 6.9] Performing "customize" ...
[ 6.9] Setting a random seed
[ 7.4] Performing "lvm-uuids" ...
--> It finished successfully with some warning, should I use the 1.20.11-14 to test, or there is some problem in my steps?

3. # guestfish -a rhel7.2-LUKS.qcow2 -i
Enter key or passphrase ("/dev/sda3"):
libguestfs: error: vfs_type: vfs_type_stub: /dev/mapper/my_test: No such file or directory
libguestfs: error: mount: mount_stub: /dev/mapper/my_test: No such file or directory
guestfish: some filesystems could not be mounted (ignored)

Welcome to guestfish, the guest filesystem shell for
editing virtual machine filesystems and disk images.

Type: 'help' for help on commands
      'man' to read the manual
      'quit' to quit the shell

Operating system: Red Hat Enterprise Linux Server 7.2 (Maipo)
/dev/rhel/root mounted on /
/dev/sda1 mounted on /boot
libguestfs: error: lvm_canonical_lv_name: lvm_canonical_lv_name_stub: /dev/mapper/my_test: No such file or directory
/dev/mapper/my_test mounted on /mnt/my_test
--> Is this alright or just another bug?
(In reply to Xianghua Chen from comment #4)
> Hi Pino,
> Do you know by saying "1.Create 7.2 guest with LUKS encryption", does he
> mean that : create a partition --> encrypt it --> configured to
> automatically start up at boot ?

It is meant to be full-disk encryption -- i.e. the option to encrypt the root and all the filesystems (except /boot), as done by anaconda (in RHEL and Fedora guests). When using a kickstart, you can use a line like:

part pv.10 --fstype=lvmpv --size=1 --grow --encrypted --passphrase="thepassword"

What you describe (very nice test case, btw) is another style of LUKS encryption, which is not supported yet by the libguestfs tools. Please open a separate RFE for that, so we can track that work properly.
> What you describe (very nice test case, btw) is another style of LUKS
> encryption, which is not supported yet by the libguestfs tools. Please open
> a separate RFE for that, so we can track that work properly.

Have filed a new RFE bug for this: bug#1393747

Hi Evan,
I'm QE for libguestfs, and trying to reproduce this bug.
Do you have the kickstart file which can install this kind of LUKS-encrypted guest image?
I failed to create the guest by adding this line to my ks file:

part pv.10 --fstype=lvmpv --size=1 --grow --encrypted --passphrase="thepassword"

Maybe there are some other options? Could you kindly provide more info?
Thank you very much :)
Verified with package:
libguestfs-1.36.3-1.el7.x86_64

Steps:
1. Prepare a LUKS guest image (encrypt it when installing the image, using password: REDHAT).

2. Virt-sysprep the encrypted guest image:
# virt-sysprep -a RHEL7.3-LUKS.qcow2 --echo-keys
[ 0.0] Examining the guest ...
Enter key or passphrase ("/dev/sda2"): REDHAT
[ 66.9] Performing "abrt-data" ...
[ 66.9] Performing "backup-files" ...
[ 67.7] Performing "bash-history" ...
[ 67.7] Performing "blkid-tab" ...
[ 67.7] Performing "crash-data" ...
[ 67.7] Performing "cron-spool" ...
[ 67.7] Performing "dhcp-client-state" ...
[ 67.7] Performing "dhcp-server-state" ...
[ 67.7] Performing "dovecot-data" ...
[ 67.7] Performing "logfiles" ...
[ 67.7] Performing "machine-id" ...
[ 67.7] Performing "mail-spool" ...
[ 67.7] Performing "net-hostname" ...
[ 67.7] Performing "net-hwaddr" ...
[ 67.7] Performing "pacct-log" ...
[ 67.7] Performing "package-manager-cache" ...
[ 67.7] Performing "pam-data" ...
[ 67.7] Performing "passwd-backups" ...
[ 67.7] Performing "puppet-data-log" ...
[ 67.7] Performing "rh-subscription-manager" ...
[ 67.7] Performing "rhn-systemid" ...
[ 67.7] Performing "rpm-db" ...
[ 67.7] Performing "samba-db-log" ...
[ 67.7] Performing "script" ...
[ 67.7] Performing "smolt-uuid" ...
[ 67.7] Performing "ssh-hostkeys" ...
[ 67.7] Performing "ssh-userdir" ...
[ 67.7] Performing "sssd-db-log" ...
[ 67.7] Performing "tmp-files" ...
[ 67.7] Performing "udev-persistent-net" ...
[ 67.7] Performing "utmp" ...
[ 67.7] Performing "yum-uuid" ...
[ 67.7] Performing "customize" ...
[ 67.7] Setting a random seed
[ 68.0] Performing "lvm-uuids" ...

The command can be executed successfully.
So verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2023