Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-19367

[RFE] LUKS - implement --key all:<selector> (libguestfs)

    • Icon: Story Story
    • Resolution: Done-Errata
    • Icon: Normal Normal
    • rhel-9.4
    • rhel-9.3.0
    • libguestfs
    • None
    • libguestfs-1.50.1-7.el9
    • Medium
    • rhel-sst-virtualization
    • ssg_virtualization
    • 7
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None

      Goal

      • Have the option to insert a key or keys without UUID
        • For example: As a User, I Want convert a VM(s), so that I won't be needed to insert the UUID/device name for LUKS, if multiple devices are available, a list of keys will be a possibility.

      The main idea is using it for MTV, mass VMs migrations. A user will be able to set a list of keys for LUKS encryption and virt-v2v will succeed with the given keys to convert the VMs.

      e.g: 3 VMs, VM1 with UUID1 LUKS encrypted, VM2 with UUID2 no LUKS encryption, and VM3 with UUID3 and UUID4 both LUKS encrypted.

      The keys will be UUID1:key1, UUID3:key3 and so on.

      Given the `--key UUID1:key1 --key UUID3:key3 --key:UUID4:key4`, virt-v2v will succeed the operation on each VM.

       

      After offline discussion with Richard, the propose is about `–key:all` where `all` suggests - try all UUIDs on the VM.

      In addition it might be `–key all:key` for a single key, or `–key all:datastore`, where datastore will be a path to a file containing a list of keys to try all of them.

       

      I also wish (if possible), to fallback to clevis. If there is no fit key given (as argument or in the datastore file), maybe clevis will work.

       

      Related MTV bug: https://github.com/kubev2v/forklift/issues/567

              rhn-eng-rjones Richard Jones
              lrotenbe Liran Rotenberg
              virt-maint virt-maint
              Yongkui Guo Yongkui Guo
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: