On 10/12/2020 11:37 AM, Peter Krempa wrote: > On Mon, Oct 12, 2020 at 11:27:20 +0200, john doe wrote: >> Hi, thank you for your answer, I'm sending this privatly as you asked >> for private information. >> Can I ask you to keep those information private? >> >> On 10/12/2020 10:29 AM, Peter Krempa wrote: >>> On Mon, Oct 12, 2020 at 10:03:15 +0200, john doe wrote: >>>> Hi, >>>> >>>> I have installed Debian Buster with encrypted LVM so apon installation >>>> my root partition is encrypted. >>>> So far so good but as soon as I encrypt the boot partition, after >>>> reboot >>>> the OS won't start. >>>> If I start the drive directly with qemu, it works but it looks like >>>> Libvirt is somehow not able to deel with it. >>> >>> This is not enough information to diagnose the problem. >>> >>> We'll need the following: >>> >>> 1) Did you encrypt the partition using the debian installer >>> >> >> No, I did it after installation following the instructions at (1). >> >>> 2) what vm XML you used: >>>       a) during installation >> >> The domain xml file was created by virt-install with the following >> command: >> $ virsh destroy try01; virsh undefine try01; time virt-install >> --name=try01 --ram=1024 --noreboot --cpuset=auto --cpu host >> --vcpus=1,maxvcpus=4 --disk=path=/mnt/usbkey01/machines/try/try01,size=6 >> --graphic none --pxe --os-variant=debian10 --network >> bridge=br0,mac=0e:35:32:84:c3:f3 --filesystem >> type=mount,mode=mapped,source=/mnt/usbkey01/public,target=public_dir >> >>>       b) when trying to finally boot the vm >>> >> >> Attached as 'try01.xml' obtained by doing 'virsh dumpxml try01 > >> try01.xml'. >> >>> 3) what qemu command line you've used at the point you claim it worked >>> >> >> qemu-system-x86_64 -drive file=/mnt/usbkey01/machines/try/try01 -m 1024 >> -boot c -accel kvm   -machine q35 -nographic >> >>> 4) what is the error/final state when the VM fails to boot with libvirt >>> >> >> After having encrypted the boot partition: >> >> $virsh console try01 >> root@0e-35-32-84-c3-f3:# [  208.513259] watchdog: watchdog0: watchdog >> did not stop! >> [  208.855971] reboot: Restarting system >> >> >> $ qemu-system-x86_64 -drive file=/mnt/usbkey01/machines/try/try01 -m >> 1024 -boot c -accel kvm   -machine q35 -nographic >> SeaBIOS (version 1.12.0-1) >> >> >> iPXE (http://ipxe.org) 00:02.0 C980 PCI2.10 PnP PMM+3FF8FE80+3FECFE80 >> C980 >> >> >> >> Booting from Hard Disk... >> Attempting to decrypt master key... >> Enter passphrase for hd0,msdos1 (43a322dfc8ba4628b80afc66d49642a7): >> >> >> As you can see above, if I invoked qemu directly, I get prompted for the >> boot passthrase but I'm not getting it when using libvirt. > > Okay, so the root cause ... or "problem" here is that you don't see the > console via 'virsh console' after the guest OS rebooted. > > My suspicion according to the VM XML is that the VM restart triggered a > restart of the qemu process and thus our internal handler of the console > passthrough disconnected. > > Please try a "virsh destroy $VM" if the VM is running/stuck waiting for > the password without actually showing it and then start it using > > virsh start --console $VM > > This will start it and connect to the console immediately. > > Please report your findings, we might want to discuss what happens when > a console is connected and the guest uses a setting of: > > <on_reboot>restart</on_reboot> > > when the VM is rebooted. > Still no luck: $ virsh destroy try01; virsh start --console try01 error: Failed to destroy domain try01 error: Requested operation is not valid: domain is not running Domain try01 started Connected to domain try01 Escape character is ^] I did not modify anything during the time I sent my answer and seeing yours.