7:30 p.m.
I'm trying to import an appliance image from a vendor. It is based on
Debian. For some added level of "security" I guess, the vendor disk
image has the root filesystem encrypted (and then the key is in the
initrd - I know that's no real added security, but... whatever).
Trying to import this VM into oVirt fails because it can't find/mount
the root filesystem.
Is there any way around this?
--
Chris Adams <cma(a)cmadams.net>
3:52 p.m.
Hi,
unfortunately virt-v2v cannot import VMs with encrypted root file
system. Moreover import of Debian/Ubuntu/Mint guests is not yet
supported by oVirt either. For that you would need development version
of virt-v2v. There are no packages for RHEL/CentOS yet. There should be
packages in Fedora rawhide if you feel brave enough to setup such host
in oVirt (Note: I'm not suggesting you or anyone should do that).
Best regards,
Tomas
On Tue, 8 Nov 2016 10:30:01 -0600
Chris Adams <cma(a)cmadams.net> wrote:
I'm trying to import an appliance image from a vendor. It is
based on
Debian. For some added level of "security" I guess, the vendor disk
image has the root filesystem encrypted (and then the key is in the
initrd - I know that's no real added security, but... whatever).
Trying to import this VM into oVirt fails because it can't find/mount
the root filesystem.
Is there any way around this?
--
Chris Adams <cma(a)cmadams.net>
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
--
Tomáš Golembiovský <tgolembi(a)redhat.com>
5:29 p.m.
Once upon a time, Tomáš Golembiovský <tgolembi(a)redhat.com> said:
unfortunately virt-v2v cannot import VMs with encrypted root file
system. Moreover import of Debian/Ubuntu/Mint guests is not yet
supported by oVirt either. For that you would need development version
of virt-v2v. There are no packages for RHEL/CentOS yet. There should be
packages in Fedora rawhide if you feel brave enough to setup such host
in oVirt (Note: I'm not suggesting you or anyone should do that).
So, I went the manual route. I made a new VM of appropriate size, with
a non-thin-provisioned IDE disk, and booted it from a rescue CD. I
extracted the vmdk from the ova file, used qemu-img to convert it to
raw, and used netcat to dump it over the network into the VM and onto
the disk.
That of course doesn't do any of the things that should be done to
"convert" a VM, but (at least in this case), it appears to have worked
"good enough" (the VM boots and gets on the network).
Still amused that somebody thinks distributing an image with encrypted
filesystems, and the key for that encryption in the initrd, does
anything to "secure" their image. Sigh...
--
Chris Adams <cma(a)cmadams.net>
2935
days inactive
2936
days old
2 comments
2 participants
participants (2)
-
Chris Adams -
Tomáš Golembiovský