[close/solved] Mount qcow2 image encrypted with LUKS

[PsySc0rpi0n]

Hello.

I have a qcow2 image file that contains a Luks encrypted LVM volume. This VM doesn't have (I don't want it to have) any internet connectivity, so, when I start it, I use "-nic none" but I need to send a file into this vm. So, the option was to use "guestmount" to be able to mount the image and put the files somewere inside the mounted image!

Now, when I use the following command:

Code: Select all

$ sudo guestmount -a Storage/Software/Linux/LinuxVirtPool/Debian-10.0.0 --key "ID":key:my_paintext_password -m /dev/sda5 /media/psysc0rpi0n/tmpmount/

I get the follwoing errors:

Code: Select all

libguestfs: error: mount_options: mount exited with status 32: mount: /sysroot: unknown filesystem type 'crypto_LUKS'.
guestmount: ‘/dev/sda5’ could not be mounted.
guestmount: Did you mean to mount one of these filesystems?
guestmount: 	/dev/sda1 (ext2)

What am I doing wrong and how can I make this work? I'm out of knowledge!

[PsySc0rpi0n]

I tried to connect this image file as a network block device with

Code: Select all

sudo qemu-nbd --connect=/dev/nbd0 Storage/Software/Linux/LinuxVirtPool/Debian-10.0.0

and then tried to use "guestmount", but I'm not sure if this is meant to be used this way!
I get errors from libguestfs

Code: Select all

sudo guestmount -a Storage/Software/Linux/LinuxVirtPool/Debian-10.0.0 --key "ID":key:my_plaintext_password -m /dev/nbd0p1 /media/psysc0rpi0n/tmpmount/
libguestfs: error: appliance closed the connection unexpectedly.
This usually means the libguestfs appliance crashed.
Do:
  export LIBGUESTFS_DEBUG=1 LIBGUESTFS_TRACE=1
and run the command again.  For further information, read:
  http://libguestfs.org/guestfs-faq.1.html#debugging-libguestfs
You can also run 'libguestfs-test-tool' and post the *complete* output
into a bug report or message to the libguestfs mailing list.
libguestfs: error: guestfs_launch failed.
This usually means the libguestfs appliance failed to start or crashed.
Do:
  export LIBGUESTFS_DEBUG=1 LIBGUESTFS_TRACE=1
and run the command again.  For further information, read:
  http://libguestfs.org/guestfs-faq.1.html#debugging-libguestfs
You can also run 'libguestfs-test-tool' and post the *complete* output
into a bug report or message to the libguestfs mailing lis

[CwF]

In my uses I've tried my best to eliminate the need to use guesmount...so off the top of my head;

attach the orphaned cow to a virtual machine and then
use the vm directly, or
use guestmount with the -d switch designating the domain of the vm and it's drive /dev/sda1

this should help with mounting a multi-partition image, otherwise a 'partprobe' step might be needed.

I haven't done this in awhile...

[p.H]

the option was to use "guestmount" to be able to mount the image and put the files somewere inside the mounted image!

Why not just use another plain image ?

mount: /sysroot: unknown filesystem type 'crypto_LUKS'.

A LUKS device cannot be mounted, it is not a filesystem. It must be "opened" with cryptsetup, which creates a virtual device. If the virtual device contains a filesystem, it can be mounted. If it contains an LVM physical volume, its logical volumes can be activated with vgchange or lvchange. Then a logical volume containing a filesystem can be mounted.

[PsySc0rpi0n]

the option was to use "guestmount" to be able to mount the image and put the files somewere inside the mounted image!

Why not just use another plain image ?

mount: /sysroot: unknown filesystem type 'crypto_LUKS'.

A LUKS device cannot be mounted, it is not a filesystem. It must be "opened" with cryptsetup, which creates a virtual device. If the virtual device contains a filesystem, it can be mounted. If it contains an LVM physical volume, its logical volumes can be activated with vgchange or lvchange. Then a logical volume containing a filesystem can be mounted.

I'm not sure I understand. What you mean "use another plain image? Can you exemplify, please?

About a LUKS device cannot be mounted, how then would I deal with this? Can you please explain?
I mean, it's a LUKS device, but it is inside a qcow2 image! I'm not sure how to proceed! Or which steps to follow! Im confused to be honest!

[p.H]

What you mean "use another plain image?

Just as you can add a physical drive to a physical machine, you can add a virtual drive (without encryption nor LVM) to a virtual machine.

I mean, it's a LUKS device, but it is inside a qcow2 image! I'm not sure how to proceed!

I don't know either. I do not deal with qcow2 images and I don't know how guestmount works.

[CwF]

I don't know how guestmount works

It is basically a guided and somewhat automated losetup. Useful to -RO monitor a live vm or edit an image without 'running' it.

OP needs to rethink their methodologies. This is two poor choices compounded, for a simple need, with a simple solution. I'll refrain...

[PsySc0rpi0n]

I don't know how guestmount works

It is basically a guided and somewhat automated losetup. Useful to -RO monitor a live vm or edit an image without 'running' it.

OP needs to rethink their methodologies. This is two poor choices compounded, for a simple need, with a simple solution. I'll refrain...

You mean I'm at a dead end here? That I cannot share a folder with my vm so that I can access files in that shared folder in any way?

[CwF]

I can access files in that shared folder in any way?

You can.
"share" is two-way, from guest or host. That could be virtiofs.
Spice, through the guest agent also does not depend on a nic. Download what you want on the host and simply drag it to the guest viewer window and it will appear on the guest desktop.

Set up a 'intranet' and a crossover somewhere.

Utilize a virtual usb or real usb drive.

Mount the cow in another vm.
etc.

Really, LVM isn't all that appropriate to be run inside a qcow2 container even though it works, since all qcow advantages are nullified. Write that image out to a disk and pass the entire disc, then optionally mounting on the host for maintenance. The cow is a valid archive of the disc, I use it without the -c switch of course, but superfluous as a runtime. I'm 99% sure I've mounted a LVM image in guestmount and 100% sure I told myself to not do that again...it needs a partprobe step to see sda5 and so on, clumsy and unnecessary.

[PsySc0rpi0n]

I can access files in that shared folder in any way?

You can.
"share" is two-way, from guest or host. That could be virtiofs.
Spice, through the guest agent also does not depend on a nic. Download what you want on the host and simply drag it to the guest viewer window and it will appear on the guest desktop.

Set up a 'intranet' and a crossover somewhere.

Utilize a virtual usb or real usb drive.

Mount the cow in another vm.
etc.

Really, LVM isn't all that appropriate to be run inside a qcow2 container even though it works, since all qcow advantages are nullified. Write that image out to a disk and pass the entire disc, then optionally mounting on the host for maintenance. The cow is a valid archive of the disc, I use it without the -c switch of course, but superfluous as a runtime. I'm 99% sure I've mounted a LVM image in guestmount and 100% sure I told myself to not do that again...it needs a partprobe step to see sda5 and so on, clumsy and unnecessary.

Ok, I'll try to change the approach on using qcow2 and LVM after I am able to transfer a file to this existing VM.
I tried to enable Spice in QEMU by running the VM with the following command:

Code: Select all

sudo qemu-system-x86_64 -cpu host -enable-kvm -smp 4 -m 8192 -drive file=Storage/Software/Linux/LinuxVirtPool/Debian-10.0.0,if=virtio -nic none -spice port=3001,disable-ticketing

And then, in another terminal:

Code: Select all

remote-viewer spice://127.0.0.1:3001

The VM started normally but whrn I try to drag-n-drop, I get the following errors in the command line:

Code: Select all

(remote-viewer:4265): virt-viewer-WARNING **: 23:10:00.548: File transfer task 0x55b16b47e650 failed: The agent is not connected

(remote-viewer:4265): GSpice-WARNING **: 23:10:00.548: File transfer failed with error: Transferring 1 files: 0 succeed, 0 cancelled, 1 failed

[CwF]

In the guest install 'spice-vdagent'

If you can afford 8GB to the guest, you have the resources to make this easy and run VMM.

[PsySc0rpi0n]

In the guest install 'spice-vdagent'

If you can afford 8GB to the guest, you have the resources to make this easy and run VMM.

In the guest, I don't have internet connectivity, remember? :p

[CwF]

In the guest, I don't have internet connectivity, remember? :p

...keep thinking!

Set up a 'intranet' and a crossover somewhere.

Utilize a virtual usb or real usb drive.

Mount the cow in another vm.
etc.

[Head_on_a_Stick]

Code: Select all

sudo qemu-system-x86_64 -cpu host -enable-kvm -smp 4 -m 8192 -drive file=Storage/Software/Linux/LinuxVirtPool/Debian-10.0.0,if=virtio -nic none -spice port=3001,disable-ticketing

sudo qemu? Really? Don't do that, it's moronic.

For file sharing in a VM with 9p (the best method by far) see https://wiki.qemu.org/Documentation/9psetup

[CwF]

(the best method by far)

. That could be virtiofs.

even better once all involved kernels are > 5.somthin'

[PsySc0rpi0n]

I'm going to close this thread because I'm not going further with this.
I'm taking another approach with a new VM. Will try to do things differently and I'll open a new thread for it!

Thanks
Psy