Do Re
2022-Oct-05 14:06 UTC
[Libguestfs] Parameter 'encrypt.key-secret' is required for cipher for virt-ls
Hello all,

background: One of my VMs stopped working - on startup, I get the message "No bootable device" in the virtual machine.

I would like to inspect the corresponding image with libguestfs-tools.

However, I don't know how to pass the encryption key to the tool. For example:

virt-ls -a /opt/vm_witherror/machine1.qcow2 /
libguestfs: trace: set_verbose true
libguestfs: trace: set_verbose = 0
libguestfs: create: flags = 0, handle = 0x5645c40d6b00, program = virt-ls
libguestfs: trace: add_drive "/opt/vm_witherror/machine1.qcow2" "readonly:true"
libguestfs: creating COW overlay to protect original drive content
libguestfs: trace: get_tmpdir
libguestfs: trace: get_tmpdir = "/tmp"
libguestfs: trace: disk_create "/tmp/libguestfsxECmri/overlay1.qcow2" "qcow2" -1 "backingfile:/opt/vm_witherror/machine1.qcow2"
libguestfs: command: run: qemu-img
libguestfs: command: run: \ create
libguestfs: command: run: \ -f qcow2
libguestfs: command: run: \ -o backing_file=/opt/vm_witherror/machine1.qcow2
libguestfs: command: run: \ /tmp/libguestfsxECmri/overlay1.qcow2
qemu-img: /tmp/libguestfsxECmri/overlay1.qcow2: Parameter 'encrypt.key-secret' is required for cipher
Could not open backing image.
libguestfs: error: qemu-img: /tmp/libguestfsxECmri/overlay1.qcow2: qemu-img exited with error status 1, see debug messages above
libguestfs: trace: disk_create = -1 (error)
libguestfs: trace: add_drive = -1 (error)
libguestfs: trace: close
libguestfs: closing guestfs handle 0x5645c40d6b00 (state 0)
libguestfs: command: run: rm
libguestfs: command: run: \ -rf /tmp/libguestfsxECmri

Could you please provide an example on how to get such an encrypted disk mounted?

Thanks in advance
Kind regards
Dominik
Laszlo Ersek
2022-Oct-06 10:16 UTC
[Libguestfs] Parameter 'encrypt.key-secret' is required for cipher for virt-ls
On 10/05/22 16:06, Do Re wrote:
> Hello all,
>
> background: One of my VMs stopped working - on startup, I get the message
> "No bootable device" in the virtual machine.
>
> I would like to inspect the corresponding image with libguestfs-tools.
>
> However, I don't know how to pass the encryption key to the tool. For
> example:
>
> virt-ls -a /opt/vm_witherror/machine1.qcow2 /
> libguestfs: trace: set_verbose true
> libguestfs: trace: set_verbose = 0
> libguestfs: create: flags = 0, handle = 0x5645c40d6b00, program = virt-ls
> libguestfs: trace: add_drive "/opt/vm_witherror/machine1.qcow2"
> "readonly:true"
> libguestfs: creating COW overlay to protect original drive content
> libguestfs: trace: get_tmpdir
> libguestfs: trace: get_tmpdir = "/tmp"
> libguestfs: trace: disk_create "/tmp/libguestfsxECmri/overlay1.qcow2"
> "qcow2" -1 "backingfile:/opt/vm_witherror/machine1.qcow2"
> libguestfs: command: run: qemu-img
> libguestfs: command: run: \ create
> libguestfs: command: run: \ -f qcow2
> libguestfs: command: run: \ -o backing_file=/opt/vm_witherror/machine1.qcow2
> libguestfs: command: run: \ /tmp/libguestfsxECmri/overlay1.qcow2
> qemu-img: /tmp/libguestfsxECmri/overlay1.qcow2: Parameter
> 'encrypt.key-secret' is required for cipher
> Could not open backing image.
> libguestfs: error: qemu-img: /tmp/libguestfsxECmri/overlay1.qcow2:
> qemu-img exited with error status 1, see debug messages above
> libguestfs: trace: disk_create = -1 (error)
> libguestfs: trace: add_drive = -1 (error)
> libguestfs: trace: close
> libguestfs: closing guestfs handle 0x5645c40d6b00 (state 0)
> libguestfs: command: run: rm
> libguestfs: command: run: \ -rf /tmp/libguestfsxECmri
>
>
> Could you please provide an example on how to get such an encrypted disk
> mounted?

My understanding is that libguestfs (and guestfs-tools) do not currently support the kind of encrypted disk where the encryption is implemented by QEMU, at the qcow2 layer.

The kind of encryption that's expected to work is where you use LUKS internally to the guest; in other words, where disk encryption is handled by the guest kernel, rather than by QEMU.

Laszlo
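
Added example, not part of either message and not libguestfs code: a check for whether an image is encrypted at the qcow2 layer (the case the reply describes as unsupported), read from the big-endian `crypt_method` field at byte offset 32 of the qcow2 header. The function names and the sample headers are constructed for illustration.

```python
import struct
import sys

QCOW2_MAGIC = b"QFI\xfb"
# crypt_method values defined by the qcow2 on-disk format
CRYPT_METHODS = {0: "none", 1: "aes", 2: "luks"}
HEADER_LEN = 36  # magic .. crypt_method inclusive


def qcow2_crypt_method(header: bytes) -> str:
    """Return the qcow2-layer encryption method named in an image header."""
    if len(header) < HEADER_LEN:
        raise ValueError("need at least %d header bytes" % HEADER_LEN)
    magic, version = struct.unpack_from(">4sI", header, 0)
    if magic != QCOW2_MAGIC:
        raise ValueError("not a qcow2 image (bad magic)")
    if version not in (2, 3):
        raise ValueError("unsupported qcow2 version %d" % version)
    (crypt,) = struct.unpack_from(">I", header, 32)
    return CRYPT_METHODS.get(crypt, "unknown(%d)" % crypt)


def encrypted_by_qemu(header: bytes) -> bool:
    """True when QEMU itself, not the guest kernel, holds the encryption."""
    return qcow2_crypt_method(header) != "none"


def read_crypt_method(path: str) -> str:
    """Read only the fixed header of the image at `path`."""
    with open(path, "rb") as f:
        return qcow2_crypt_method(f.read(HEADER_LEN))


def sample_header(crypt_method: int, version: int = 3) -> bytes:
    """Constructed header: no backing file, 64 KiB clusters, 1 GiB size."""
    return struct.pack(">4sIQIIQI", QCOW2_MAGIC, version,
                       0, 0, 16, 1 << 30, crypt_method)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(sys.argv[1], read_crypt_method(sys.argv[1]))
    else:
        for value in (0, 1, 2):
            print(value, qcow2_crypt_method(sample_header(value)))
```

The header describes only the file it belongs to, so for an overlay the check has to be repeated on each image in the backing chain. An image whose guest uses LUKS internally reports `none` here, because that encryption sits below the qcow2 layer's view.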