I'm trying to import an appliance image from a vendor. It is based on Debian. For some added level of "security" I guess, the vendor disk image has the root filesystem encrypted (and then the key is in the initrd - I know that's no real added security, but... whatever). Trying to import this VM into oVirt fails because it can't find/mount the root filesystem. Is there any way around this? -- Chris Adams <cma@cmadams.net>
Hi, unfortunately virt-v2v cannot import VMs with encrypted root file system. Moreover import of Debian/Ubuntu/Mint guests is not yet supported by oVirt either. For that you would need development version of virt-v2v. There are no packages for RHEL/CentOS yet. There should be packages in Fedora rawhide if you feel brave enough to setup such host in oVirt (Note: I'm not suggesting you or anyone should do that). Best regards, Tomas On Tue, 8 Nov 2016 10:30:01 -0600 Chris Adams <cma@cmadams.net> wrote:
I'm trying to import an appliance image from a vendor. It is based on Debian. For some added level of "security" I guess, the vendor disk image has the root filesystem encrypted (and then the key is in the initrd - I know that's no real added security, but... whatever).
Trying to import this VM into oVirt fails because it can't find/mount the root filesystem.
Is there any way around this?
-- Chris Adams <cma@cmadams.net> _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- Tomáš Golembiovský <tgolembi@redhat.com>
Once upon a time, Tomáš Golembiovský <tgolembi@redhat.com> said:
unfortunately virt-v2v cannot import VMs with encrypted root file system. Moreover import of Debian/Ubuntu/Mint guests is not yet supported by oVirt either. For that you would need development version of virt-v2v. There are no packages for RHEL/CentOS yet. There should be packages in Fedora rawhide if you feel brave enough to setup such host in oVirt (Note: I'm not suggesting you or anyone should do that).
So, I went the manual route. I made a new VM of appropriate size, with a non-thin-provisioned IDE disk, and booted it from a rescue CD. I extracted the vmdk from the ova file, used qemu-img to convert it to raw, and used netcat to dump it over the network into the VM and onto the disk. That of course doesn't do any of the things that should be done to "convert" a VM, but (at least in this case), it appears to have worked "good enough" (the VM boots and gets on the network). Still amused that somebody thinks distributing an image with encrypted filesystems, and the key for that encryption in the initrd, does anything to "secure" their image. Sigh... -- Chris Adams <cma@cmadams.net>
participants (2)
-
Chris Adams -
Tomáš Golembiovský