On Thu, Oct 06, 2022 at 12:16:36PM +0200, Laszlo Ersek wrote:
> On 10/05/22 16:06, Do Re wrote:
> > Hello all,
> > 
> > background: One of my VMs stopped working - on startup, I get the message
> > "No bootable device" in the virtual machine.
> > 
> > I would like to inspect the corresponding image with libguestfs-tools.
> > 
> > However, I don't know how to pass the encryption key to the tool. For
> > example:
> > 
> > virt-ls -a /opt/vm_witherror/machine1.qcow2 /
> > libguestfs: trace: set_verbose true
> > libguestfs: trace: set_verbose = 0
> > libguestfs: create: flags = 0, handle = 0x5645c40d6b00, program = virt-ls
> > libguestfs: trace: add_drive "/opt/vm_witherror/machine1.qcow2"
> > "readonly:true"
> > libguestfs: creating COW overlay to protect original drive content
> > libguestfs: trace: get_tmpdir
> > libguestfs: trace: get_tmpdir = "/tmp"
> > libguestfs: trace: disk_create "/tmp/libguestfsxECmri/overlay1.qcow2"
> > "qcow2" -1 "backingfile:/opt/vm_witherror/machine1.qcow2"
> > libguestfs: command: run: qemu-img
> > libguestfs: command: run: \ create
> > libguestfs: command: run: \ -f qcow2
> > libguestfs: command: run: \ -o backing_file=/opt/vm_witherror/machine1.qcow2
> > libguestfs: command: run: \ /tmp/libguestfsxECmri/overlay1.qcow2
> > qemu-img: /tmp/libguestfsxECmri/overlay1.qcow2: Parameter
> > 'encrypt.key-secret' is required for cipher
> > Could not open backing image.
> > libguestfs: error: qemu-img: /tmp/libguestfsxECmri/overlay1.qcow2:
> > qemu-img exited with error status 1, see debug messages above
> > libguestfs: trace: disk_create = -1 (error)
> > libguestfs: trace: add_drive = -1 (error)
> > libguestfs: trace: close
> > libguestfs: closing guestfs handle 0x5645c40d6b00 (state 0)
> > libguestfs: command: run: rm
> > libguestfs: command: run: \ -rf /tmp/libguestfsxECmri
> > 
> > 
> > Could you please provide an example on how to get such an encrypted disk
> > mounted?
> 
> My understanding is that libguestfs (and guestfs-tools) do not currently
> support the kind of encrypted disk where the encryption is implemented
> by QEMU, at the qcow2 layer.

I think the only sane way to do this at the moment is to open the
image first using qemu-nbd and then connect libguestfs to the NBD
socket.  In other words something like this:

$ qemu-nbd --object secret,id=sec0,data=secretpassword \
           --image-opts driver=qcow2,file.filename=machine1.qcow2,encrypt.format=luks,encrypt.key-secret=sec0 \
           -t -k /tmp/socket &
$ guestfish --format=raw -a 'nbd+unix:///?socket=/tmp/socket' -i

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
libguestfs lets you edit virtual machines.  Supports shell scripting,
bindings from many languages.  http://libguestfs.org
_______________________________________________
Libguestfs mailing list
Libguestfs@redhat.com
https://listman.redhat.com/mailman/listinfo/libguestfs
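
The qemu-nbd procedure from the message above, as an added example that is not part of the original post or of libguestfs: it reads the passphrase from a key file (so it does not appear in the process list), opens the image read-only, and puts the socket in a private temporary directory. The function names, the key-file convention and the socket name nbd.sock are assumptions made for this example.

```bash
#!/bin/bash
# Added example: read-only inspection of a QEMU-encrypted qcow2 via qemu-nbd.
# Usage (hypothetical script name): inspect-luks-qcow2.sh IMAGE KEYFILE
# KEYFILE is read verbatim: write it without a trailing newline (printf '%s').

# QEMU option strings use ',' as a separator; a literal comma must be doubled.
qemu_escape() {
    printf '%s' "$1" | sed 's/,/,,/g'
}

# Build the --image-opts value used in the message above for a given image path.
build_image_opts() {
    printf 'driver=qcow2,file.filename=%s,encrypt.format=luks,encrypt.key-secret=sec0' \
        "$(qemu_escape "$1")"
}

# Accept only key files with no group/other permission bits (GNU stat).
keyfile_is_private() {
    [ -f "$1" ] || return 1
    case "$(stat -c '%a' "$1")" in
        ?00) return 0 ;;
        *) return 1 ;;
    esac
}

inspect_image() {
    local image=$1 keyfile=$2 dir pid i
    keyfile_is_private "$keyfile" || { echo "key file must be mode 0600 or 0400" >&2; return 1; }
    dir=$(mktemp -d) || return 1      # mode 0700, so only this user can reach the socket
    qemu-nbd --read-only \
        --object "secret,id=sec0,file=$(qemu_escape "$keyfile")" \
        --image-opts "$(build_image_opts "$image")" \
        -t -k "$dir/nbd.sock" &
    pid=$!
    # Wait up to about 5 seconds for qemu-nbd to create the socket.
    for i in $(seq 50); do [ -S "$dir/nbd.sock" ] && break; sleep 0.1; done
    guestfish --ro --format=raw -a "nbd+unix:///?socket=$dir/nbd.sock" -i
    kill "$pid" 2>/dev/null; rm -rf "$dir"
}

if [ "$#" -eq 2 ]; then inspect_image "$1" "$2"; fi
```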
