Monday, July 6, 2015

find kvm vm system name on their raw disks

 I have a problem.  
 Someone not me installed a bunch of Linux KVM Servers and didn't bother to name the VMs something sane. That someone also didn't bother to keep note of VM to canonical DNS name or even IP.  
 What a drag.  
 virsh isn't much use.  
 I need to access the raw disks and grep around.  
 Did I mention these were Linux and Windows KVM VMs? Yeah. My KVM server farm is all CentOS 6 x86_64.  
 Install guestfish  
 [root@kvmserver ~]# yum install guestfish  
 [root@kvmserver ~]# yum install libguestfs-winsupport  
 Let's find the vms on the system.  
 [root@kvmserver ~]# virsh list --all  
  Id  Name              State  
  1   poc19          running     <--- windows
  -   poc20          shut off    <--- linux
 Let's find the VMs disk.  
 [root@kvmserver ~]# virsh dumpxml poc20 | grep 'source file'  
    <source file='/home/vm-disk/poc20.img'/>  
 Let's create a place to mount the disk and where we're going to do our work:  
 [root@kvmserver ~]# mkdir /mnt/poc20  
 [root@kvmserver ~]# guestmount -a /home/vm-disk/poc20.img -i --ro /mnt/poc20/  
 [root@kvmserver ~]# ls /mnt/poc20/  
 bin boot dev etc home lib lib64 lost+found media mnt opt proc root sbin selinux srv sys tmp usr var  
 cat /mnt/poc20/etc/sysconfig/network  
 Now, let's umount the work directory. to unmount you'd figure you'd use guestumount /mountpoint  
 [root@kvmserver ~]# guestunmount   
 -bash: guestunmount: command not found  
 nope. bad man bad bad.  
 [root@kvmserver ~]# fusermount -u /tmp/mount  
 [root@kvmserver ~]# cd /mnt/poc20/  
 [root@kvmserver poc20]# ls  
 For the Windows system (poc19) you may do the same disk mount procedure. And you can walk around the filesystem no problem.  
 And yes, you may do this on a live, running VM.  
 I want that hostname. And you know and I know that Windows 7 has its hostname here:  
 We already yum install libguestfs-winsupport  
 Now, get chntpw (a Linux-based Windows registry editor)  
 per: do stuff for your distro.  
 [root@kvmserver ~]# cd /usr/local/src  
 [root@kvmserver src]# wget  
 [root@kvmserver src]# rpm -Uvh nux-dextop-release*rpm  
 [root@kvmserver src]# yum install chntpw  
 Do the whole mount thing. Then run chntpw.  
 [root@kvmserver ~]# cd /mnt/poc19/Windows/System32/config  
 [root@kvmserver config]# chntpw SYSTEM  
 chntpw version 0.99.6 110511 , (c) Petter N Hagen  
 openHive(SYSTEM) failed: Read-only file system, trying read-only  
 Hive <SYSTEM> name (from header): <SYSTEM>  
 ROOT KEY at offset: 0x001020 * Subkey indexing type is: 686c <lh>  
 File size 10223616 [9c0000] bytes, containing 2166 pages (+ 1 headerpage)  
 Used for data: 150888/9612696 blocks/bytes, unused: 4820/177064 blocks/bytes.  
 Simple registry editor. ? for help.  
 > ls          
 Node has 8 subkeys and 0 values  
  key name  
 > cd ControlSet001\Control\ComputerName\ComputerName  
 (...)\Control\ComputerName\ComputerName> cat ComputerName  
 Value <ComputerName> of type REG_SZ, data length 20 [0x14]  
 (...)\Control\ComputerName\ComputerName> q  
 Yay. We have a name.  
Post a Comment