Uploaded image for project: 'Migration Toolkit for Virtualization'
  1. Migration Toolkit for Virtualization
  2. MTV-3875

[RFE] Support using key file to decryption the luks device

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • None
    • Controller
    • None
    • Incidents & Support
    • False
    • Hide

      None

      Show
      None
    • False
    • Not Selected

      There is no way to decrypt the LUKS device that was encrypted with the binary key file. So the migration will fail.

      Reproduce step:

      • Create the Luks device by binary key-file on a VM:
      # pvcreate /dev/sdb
# vgcreate testvg /dev/sdb
# lvcreate -l100%FREE -n testlv testvg

# dd if=/dev/urandom of=/root/my.key bs=6400 count=1

# cryptsetup luksFormat /dev/mapper/testvg-testlv /root/my.key
# cryptsetup luksOpen /dev/mapper/testvg-testlv  luks-testlv --key-file /root/my.key

# mkfs -t xfs /dev/mapper/luks-testlv
# mkdir /mnt/luks

# mount /dev/mapper/luks-testlv  /mnt/luks
# vi /etc/crypttab
luks-testlv /dev/mapper/testvg-testlv /root/my.key luks
      • No way to migrate this kind of VM, because no way to enter this binary key-file. Even if changing the secret, still not works:
      
# oc create secret generic my-luks-key-secret --from-file=0=my.key
# oc get plan test -o yaml | yq '.spec.vms'
- id: vm-11003
  luks:
    name: my-luks-key-secret
  name: rhel8-mtv

              gcheresh@redhat.com Genadi Chereshnya
              rhn-support-xiaoyali Xiaoyan Liu
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: