Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1393747 - RFE: Libguestfs should support LUKS partition in guest image
Summary: RFE: Libguestfs should support LUKS partition in guest image
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libguestfs
Version: 7.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Richard W.M. Jones
QA Contact: YongkuiGuo
Depends On:
TreeView+ depends on / blocked
Reported: 2016-11-10 09:09 UTC by Xianghua Chen
Modified: 2019-02-14 10:04 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed:
Target Upstream Version:

Attachments (Terms of Use)
log.luks (deleted)
2016-11-10 09:09 UTC, Xianghua Chen
no flags Details

System ID Priority Status Summary Last Updated
Red Hat Bugzilla 1398191 None NEW RFE: virt-v2v should support converting vm with LUKS disk encryption format 2019-03-30 13:04:01 UTC

Internal Links: 1398191

Description Xianghua Chen 2016-11-10 09:09:49 UTC
Created attachment 1219251 [details]

Description of problem:
RFE: Libguestfs should support LUKS partition in guest image

Version-Release number of selected component (if applicable):

How reproducible:

1. Create 7.2 guest with LUKS encryption.
Install a RHEL7.2 guest image (retain some space at the partition step),then boot it and create partition with LUKS:
# fdisk /dev/vda
--> create a new partition /dev/vda3 for testing
# cryptsetup luksFormat /dev/vda3
# cryptsetup luksOpen  /dev/vda3 my_test
# mkfs.ext4 /dev/mapper/my_test
# mkdir /mnt/my_test
# mount /dev/mapper/my_test /mnt/my_test

Configure this LUKS partition to automatically mounted at boot:
# touch /root/.my_test
# cryptsetup luksAddKey /dev/vda3 /mnt/.my_test
# vim /etc/crypttab
my_test  /dev/vda3  /root/.my_test
# vim /etc/fstab
/dev/mapper/my_test  /mnt/my_test  ext4  defaults 0 0
# init 0

# guestfish -a rhel7.2-LUKS.qcow2 -i
Enter key or passphrase ("/dev/sda3"):
libguestfs: error: vfs_type: vfs_type_stub: /dev/mapper/my_test: No such file or directory
libguestfs: error: mount: mount_stub: /dev/mapper/my_test: No such file or directory
guestfish: some filesystems could not be mounted (ignored)

Welcome to guestfish, the guest filesystem shell for
editing virtual machine filesystems and disk images.

Type: 'help' for help on commands
      'man' to read the manual
      'quit' to quit the shell

Operating system: Red Hat Enterprise Linux Server 7.2 (Maipo)
/dev/rhel/root mounted on /
/dev/sda1 mounted on /boot
libguestfs: error: lvm_canonical_lv_name: lvm_canonical_lv_name_stub: /dev/mapper/my_test: No such file or directory
/dev/mapper/my_test mounted on /mnt/my_test

><fs> ls /etc/mapper/my_test
libguestfs: error: ls0: opendir: /etc/mapper/my_test: No such file or directory

Please refer to attachment for detailed log of: # guestfish -a rhel7.2-LUKS.qcow2 -i -v -x exit

Actual results:
Can't mount the LUKS partition.

Expected results:
Should mount the LUKS partition successfully.

Additional info:

Comment 1 Richard W.M. Jones 2016-11-10 09:53:43 UTC
When it asked for the passphrase:

> Enter key or passphrase ("/dev/sda3"):

did you enter the right passphrase there?

Comment 2 Pino Toscano 2016-11-10 10:30:40 UTC
The problem is that, when opening the LUKS partition, a "random" mapname is generated for them, so later then when trying to resolve the mount points in fstab the mapping specified is not found (and thus the errors about /dev/mapper/my_test above, for example).

Ideally, we need to parse crypttab to get the proper mapname -- luckly augeas seems to support it already.

Comment 3 Xianghua Chen 2016-11-11 05:30:32 UTC
(In reply to Richard W.M. Jones from comment #1)
> When it asked for the passphrase:
> > Enter key or passphrase ("/dev/sda3"):
> did you enter the right passphrase there?

Yes,the passwd is right. 
And thanks for Pino's explanation.

Note You need to log in before you can comment on or make changes to this bug.