Skip to content

Latest commit

 

History

History
1636 lines (1026 loc) · 41.5 KB

guestfish.pod

File metadata and controls

1636 lines (1026 loc) · 41.5 KB
Raw

NAME

guestfish - the guest filesystem shell

SYNOPSIS

guestfish [--options] [commands]

guestfish

guestfish [--ro|--rw] -a disk.img

guestfish [--ro|--rw] -a disk.img -m dev[:mountpoint]

guestfish -d libvirt-domain

guestfish [--ro|--rw] -a disk.img -i

guestfish -d libvirt-domain -i

WARNING

Using guestfish in read/write mode on live virtual machines can be dangerous, potentially causing disk corruption. Use the --ro (read-only) option to use guestfish safely if the disk image or virtual machine might be live.

DESCRIPTION

Guestfish is a shell and command-line tool for examining and modifying virtual machine filesystems. It uses libguestfs and exposes all of the functionality of the guestfs API, see guestfs(3).

Guestfish gives you structured access to the libguestfs API, from shell scripts or the command line or interactively. If you want to rescue a broken virtual machine image, you should look at the virt-rescue(1) command.

EXAMPLES

As an interactive shell

$ guestfish

Welcome to guestfish, the guest filesystem shell for
editing virtual machine filesystems.

Type: 'help' for a list of commands
      'man' to read the manual
      'quit' to quit the shell

><fs> add-ro disk.img
><fs> run
><fs> list-filesystems
/dev/sda1: ext4
/dev/vg_guest/lv_root: ext4
/dev/vg_guest/lv_swap: swap
><fs> mount /dev/vg_guest/lv_root /
><fs> cat /etc/fstab
# /etc/fstab
# Created by anaconda
[...]
><fs> exit

From shell scripts

Create a new /etc/motd file in a guest or disk image:

guestfish <<_EOF_
add disk.img
run
mount /dev/vg_guest/lv_root /
write /etc/motd "Welcome, new users"
_EOF_

List the LVM logical volumes in a disk image:

guestfish -a disk.img --ro <<_EOF_
run
lvs
_EOF_

List all the filesystems in a disk image:

guestfish -a disk.img --ro <<_EOF_
run
list-filesystems
_EOF_

On one command line

Update /etc/resolv.conf in a guest:

guestfish \
  add disk.img : run : mount /dev/vg_guest/lv_root / : \
  write /etc/resolv.conf "nameserver 1.2.3.4"

Edit /boot/grub/grub.conf interactively:

guestfish --rw --add disk.img \
  --mount /dev/vg_guest/lv_root \
  --mount /dev/sda1:/boot \
  edit /boot/grub/grub.conf

Mount disks automatically

Use the -i option to automatically mount the disks from a virtual machine:

guestfish --ro -a disk.img -i cat /etc/group

guestfish --ro -d libvirt-domain -i cat /etc/group

Another way to edit /boot/grub/grub.conf interactively is:

guestfish --rw -a disk.img -i edit /boot/grub/grub.conf

As a script interpreter

Create a 100MB disk containing an ext2-formatted partition:

#!/usr/bin/guestfish -f
sparse test1.img 100M
run
part-disk /dev/sda mbr
mkfs ext2 /dev/sda1

Start with a prepared disk

An alternate way to create a 100MB disk called test1.img containing a single ext2-formatted partition:

guestfish -N fs

To list what is available do:

guestfish -N help | less

Remote drives

Access a remote disk using ssh:

guestfish -a ssh://example.com/path/to/disk.img

Remote control

eval "`guestfish --listen`"
guestfish --remote add-ro disk.img
guestfish --remote run
guestfish --remote lvs

OPTIONS

--help

Displays general help on options.

-h
--cmd-help

Lists all available guestfish commands.

-h cmd
--cmd-help cmd

Displays detailed help on a single command cmd.

-a image
--add image

Add a block device or virtual machine image to the shell.

The format of the disk image is auto-detected. To override this and force a particular format use the --format=.. option.

Using this flag is mostly equivalent to using the add command, with readonly:true if the --ro flag was given, and with format:... if the --format=... flag was given.

-a URI
--add URI

Add a remote disk. See "ADDING REMOTE STORAGE".

-c URI
--connect URI

When used in conjunction with the -d option, this specifies the libvirt URI to use. The default is to use the default libvirt connection.

--csh

If using the --listen option and a csh-like shell, use this option. See section "REMOTE CONTROL AND CSH" below.

-d libvirt-domain
--domain libvirt-domain

Add disks from the named libvirt domain. If the --ro option is also used, then any libvirt domain can be used. However in write mode, only libvirt domains which are shut down can be named here.

Domain UUIDs can be used instead of names.

Using this flag is mostly equivalent to using the add-domain command, with readonly:true if the --ro flag was given, and with format:... if the --format=... flag was given.

--echo-keys

When prompting for keys and passphrases, guestfish normally turns echoing off so you cannot see what you are typing. If you are not worried about Tempest attacks and there is no one else in the room you can specify this flag to see what you are typing.

-f file
--file file

Read commands from file. To write pure guestfish scripts, use:

#!/usr/bin/guestfish -f
--format=raw|qcow2|..
--format

The default for the -a option is to auto-detect the format of the disk image. Using this forces the disk format for -a options which follow on the command line. Using --format with no argument switches back to auto-detection for subsequent -a options.

For example:

guestfish --format=raw -a disk.img

forces raw format (no auto-detection) for disk.img.

guestfish --format=raw -a disk.img --format -a another.img

forces raw format (no auto-detection) for disk.img and reverts to auto-detection for another.img.

If you have untrusted raw-format guest disk images, you should use this option to specify the disk format. This avoids a possible security problem with malicious guests (CVE-2010-3851). See also "add".

-i
--inspector

Using virt-inspector(1) code, inspect the disks looking for an operating system and mount filesystems as they would be mounted on the real virtual machine.

Typical usage is either:

guestfish -d myguest -i

(for an inactive libvirt domain called myguest), or:

guestfish --ro -d myguest -i

(for active domains, readonly), or specify the block device directly:

guestfish --rw -a /dev/Guests/MyGuest -i

Note that the command line syntax changed slightly over older versions of guestfish. You can still use the old syntax:

guestfish [--ro] -i disk.img

guestfish [--ro] -i libvirt-domain

Using this flag is mostly equivalent to using the inspect-os command and then using other commands to mount the filesystems that were found.

--keys-from-stdin

Read key or passphrase parameters from stdin. The default is to try to read passphrases from the user by opening /dev/tty.

--listen

Fork into the background and listen for remote commands. See section "REMOTE CONTROL GUESTFISH OVER A SOCKET" below.

--live

Connect to a live virtual machine. (Experimental, see "ATTACHING TO RUNNING DAEMONS" in guestfs(3)).

-m dev[:mountpoint[:options[:fstype]]]
--mount dev[:mountpoint[:options[:fstype]]]

Mount the named partition or logical volume on the given mountpoint.

If the mountpoint is omitted, it defaults to /.

You have to mount something on / before most commands will work.

If any -m or --mount options are given, the guest is automatically launched.

If you don't know what filesystems a disk image contains, you can either run guestfish without this option, then list the partitions, filesystems and LVs available (see "list-partitions", "list-filesystems" and "lvs" commands), or you can use the virt-filesystems(1) program.

The third (and rarely used) part of the mount parameter is the list of mount options used to mount the underlying filesystem. If this is not given, then the mount options are either the empty string or ro (the latter if the --ro flag is used). By specifying the mount options, you override this default choice. Probably the only time you would use this is to enable ACLs and/or extended attributes if the filesystem can support them:

-m /dev/sda1:/:acl,user_xattr

Using this flag is equivalent to using the mount-options command.

The fourth part of the parameter is the filesystem driver to use, such as ext3 or ntfs. This is rarely needed, but can be useful if multiple drivers are valid for a filesystem (eg: ext2 and ext3), or if libguestfs misidentifies a filesystem.

--network

Enable QEMU user networking in the guest.

-N [filename=]type
--new [filename=]type
-N help

Prepare a fresh disk image formatted as "type". This is an alternative to the -a option: whereas -a adds an existing disk, -N creates a preformatted disk with a filesystem and adds it. See "PREPARED DISK IMAGES" below.

-n
--no-sync

Disable autosync. This is enabled by default. See the discussion of autosync in the guestfs(3) manpage.

--no-dest-paths

Don't tab-complete paths on the guest filesystem. It is useful to be able to hit the tab key to complete paths on the guest filesystem, but this causes extra "hidden" guestfs calls to be made, so this option is here to allow this feature to be disabled.

--pipe-error

If writes fail to pipe commands (see "PIPES" below), then the command returns an error.

The default (also for historical reasons) is to ignore such errors so that:

><fs> command_with_lots_of_output | head

doesn't give an error.

--progress-bars

Enable progress bars, even when guestfish is used non-interactively.

Progress bars are enabled by default when guestfish is used as an interactive shell.

--no-progress-bars

Disable progress bars.

--remote[=pid]

Send remote commands to $GUESTFISH_PID or pid. See section "REMOTE CONTROL GUESTFISH OVER A SOCKET" below.

-r
--ro

This changes the -a, -d and -m options so that disks are added and mounts are done read-only.

The option must always be used if the disk image or virtual machine might be running, and is generally recommended in cases where you don't need write access to the disk.

Note that prepared disk images created with -N are not affected by this option. Also commands like add are not affected - you have to specify the readonly:true option explicitly if you need it.

See also "OPENING DISKS FOR READ AND WRITE" below.

--selinux

Enable SELinux support for the guest. See "SELINUX" in guestfs(3).

-v
--verbose

Enable very verbose messages. This is particularly useful if you find a bug.

-V
--version

Display the guestfish / libguestfs version number and exit.

-w
--rw

This changes the -a, -d and -m options so that disks are added and mounts are done read-write.

See "OPENING DISKS FOR READ AND WRITE" below.

-x

Echo each command before executing it.

COMMANDS ON COMMAND LINE

Any additional (non-option) arguments are treated as commands to execute.

Commands to execute should be separated by a colon (:), where the colon is a separate parameter. Thus:

guestfish cmd [args...] : cmd [args...] : cmd [args...] ...

If there are no additional arguments, then we enter a shell, either an interactive shell with a prompt (if the input is a terminal) or a non-interactive shell.

In either command line mode or non-interactive shell, the first command that gives an error causes the whole shell to exit. In interactive mode (with a prompt) if a command fails, you can continue to enter commands.

USING launch (OR run)

As with guestfs(3), you must first configure your guest by adding disks, then launch it, then mount any disks you need, and finally issue actions/commands. So the general order of the day is:

  • add or -a/--add

  • launch (aka run)

  • mount or -m/--mount

  • any other commands

run is a synonym for launch. You must launch (or run) your guest before mounting or performing any other commands.

The only exception is that if any of the -i, -m, --mount, -N or --new options were given then run is done automatically, simply because guestfish can't perform the action you asked for without doing this.

OPENING DISKS FOR READ AND WRITE

The guestfish, guestmount(1) and virt-rescue(1) options --ro and --rw affect whether the other command line options -a, -c, -d, -i and -m open disk images read-only or for writing.

In libguestfs ≤ 1.10, guestfish, guestmount and virt-rescue defaulted to opening disk images supplied on the command line for write. To open a disk image read-only you have to do -a image --ro.

This matters: If you accidentally open a live VM disk image writable then you will cause irreversible disk corruption.

In a future libguestfs we intend to change the default the other way. Disk images will be opened read-only. You will have to either specify guestfish --rw, guestmount --rw, virt-rescue --rw, or change the configuration file in order to get write access for disk images specified by those other command line options.

This version of guestfish, guestmount and virt-rescue has a --rw option which does nothing (it is already the default). However it is highly recommended that you use this option to indicate that you need write access, and prepare your scripts for the day when this option will be required for write access.

Note: This does not affect commands like "add" and "mount", or any other libguestfs program apart from guestfish and guestmount.

QUOTING

You can quote ordinary parameters using either single or double quotes. For example:

add "file with a space.img"

rm '/file name'

rm '/"'

A few commands require a list of strings to be passed. For these, use a whitespace-separated list, enclosed in quotes. Strings containing whitespace to be passed through must be enclosed in single quotes. A literal single quote must be escaped with a backslash.

vgcreate VG "/dev/sda1 /dev/sdb1"
command "/bin/echo 'foo      bar'"
command "/bin/echo \'foo\'"

ESCAPE SEQUENCES IN DOUBLE QUOTED ARGUMENTS

In double-quoted arguments (only) use backslash to insert special characters:

\a

Alert (bell) character.

\b

Backspace character.

\f

Form feed character.

\n

Newline character.

\r

Carriage return character.

\t

Horizontal tab character.

\v

Vertical tab character.

\"

A literal double quote character.

\ooo

A character with octal value ooo. There must be precisely 3 octal digits (unlike C).

\xhh

A character with hex value hh. There must be precisely 2 hex digits.

In the current implementation \000 and \x00 cannot be used in strings.

\\

A literal backslash character.

OPTIONAL ARGUMENTS

Some commands take optional arguments. These arguments appear in this documentation as [argname:..]. You can use them as in these examples:

add filename

add filename readonly:true

add filename format:qcow2 readonly:false

Each optional argument can appear at most once. All optional arguments must appear after the required ones.

NUMBERS

This section applies to all commands which can take integers as parameters.

SIZE SUFFIX

When the command takes a parameter measured in bytes, you can use one of the following suffixes to specify kilobytes, megabytes and larger sizes:

k or K or KiB

The size in kilobytes (multiplied by 1024).

KB

The size in SI 1000 byte units.

M or MiB

The size in megabytes (multiplied by 1048576).

MB

The size in SI 1000000 byte units.

G or GiB

The size in gigabytes (multiplied by 2**30).

GB

The size in SI 10**9 byte units.

T or TiB

The size in terabytes (multiplied by 2**40).

TB

The size in SI 10**12 byte units.

P or PiB

The size in petabytes (multiplied by 2**50).

PB

The size in SI 10**15 byte units.

E or EiB

The size in exabytes (multiplied by 2**60).

EB

The size in SI 10**18 byte units.

Z or ZiB

The size in zettabytes (multiplied by 2**70).

ZB

The size in SI 10**21 byte units.

Y or YiB

The size in yottabytes (multiplied by 2**80).

YB

The size in SI 10**24 byte units.

For example:

truncate-size /file 1G

would truncate the file to 1 gigabyte.

Be careful because a few commands take sizes in kilobytes or megabytes (eg. the parameter to "memsize" is specified in megabytes already). Adding a suffix will probably not do what you expect.

OCTAL AND HEXADECIMAL NUMBERS

For specifying the radix (base) use the C convention: 0 to prefix an octal number or 0x to prefix a hexadecimal number. For example:

1234      decimal number 1234
02322     octal number, equivalent to decimal 1234
0x4d2     hexadecimal number, equivalent to decimal 1234

When using the chmod command, you almost always want to specify an octal number for the mode, and you must prefix it with 0 (unlike the Unix chmod(1) program):

chmod 0777 /public  # OK
chmod 777 /public   # WRONG! This is mode 777 decimal = 01411 octal.

Commands that return numbers usually print them in decimal, but some commands print numbers in other radices (eg. umask prints the mode in octal, preceded by 0).

WILDCARDS AND GLOBBING

Neither guestfish nor the underlying guestfs API performs wildcard expansion (globbing) by default. So for example the following will not do what you expect:

rm-rf /home/*

Assuming you don't have a directory called literally /home/* then the above command will return an error.

To perform wildcard expansion, use the glob command.

glob rm-rf /home/*

runs rm-rf on each path that matches (ie. potentially running the command many times), equivalent to:

rm-rf /home/jim
rm-rf /home/joe
rm-rf /home/mary

glob only works on simple guest paths and not on device names.

If you have several parameters, each containing a wildcard, then glob will perform a Cartesian product.

COMMENTS

Any line which starts with a # character is treated as a comment and ignored. The # can optionally be preceded by whitespace, but not by a command. For example:

# this is a comment
        # this is a comment
foo # NOT a comment

Blank lines are also ignored.

RUNNING COMMANDS LOCALLY

Any line which starts with a ! character is treated as a command sent to the local shell (/bin/sh or whatever system(3) uses). For example:

!mkdir local
tgz-out /remote local/remote-data.tar.gz

will create a directory local on the host, and then export the contents of /remote on the mounted filesystem to local/remote-data.tar.gz. (See tgz-out).

To change the local directory, use the lcd command. !cd will have no effect, due to the way that subprocesses work in Unix.

LOCAL COMMANDS WITH INLINE EXECUTION

If a line starts with <! then the shell command is executed (as for !), but subsequently any output (stdout) of the shell command is parsed and executed as guestfish commands.

Thus you can use shell script to construct arbitrary guestfish commands which are then parsed by guestfish.

For example it is tedious to create a sequence of files (eg. /foo.1 through /foo.100) using guestfish commands alone. However this is simple if we use a shell script to create the guestfish commands for us:

<! for n in `seq 1 100`; do echo write /foo.$n $n; done

or with names like /foo.001:

<! for n in `seq 1 100`; do printf "write /foo.%03d %d\n" $n $n; done

When using guestfish interactively it can be helpful to just run the shell script first (ie. remove the initial < character so it is just an ordinary ! local command), see what guestfish commands it would run, and when you are happy with those prepend the < character to run the guestfish commands for real.

PIPES

Use command <space> | command to pipe the output of the first command (a guestfish command) to the second command (any host command). For example:

cat /etc/passwd | awk -F: '$3 == 0 { print }'

(where cat is the guestfish cat command, but awk is the host awk program). The above command would list all accounts in the guest filesystem which have UID 0, ie. root accounts including backdoors. Other examples:

hexdump /bin/ls | head
list-devices | tail -1
tgz-out / - | tar ztf -

The space before the pipe symbol is required, any space after the pipe symbol is optional. Everything after the pipe symbol is just passed straight to the host shell, so it can contain redirections, globs and anything else that makes sense on the host side.

To use a literal argument which begins with a pipe symbol, you have to quote it, eg:

echo "|"

HOME DIRECTORIES

If a parameter starts with the character ~ then the tilde may be expanded as a home directory path (either ~ for the current user's home directory, or ~user for another user).

Note that home directory expansion happens for users known on the host, not in the guest filesystem.

To use a literal argument which begins with a tilde, you have to quote it, eg:

echo "~"

ENCRYPTED DISKS

Libguestfs has some support for Linux guests encrypted according to the Linux Unified Key Setup (LUKS) standard, which includes nearly all whole disk encryption systems used by modern Linux guests. Currently only LVM-on-LUKS is supported.

Identify encrypted block devices and partitions using "vfs-type":

><fs> vfs-type /dev/sda2
crypto_LUKS

Then open those devices using "luks-open". This creates a device-mapper device called /dev/mapper/luksdev.

><fs> luks-open /dev/sda2 luksdev
Enter key or passphrase ("key"): <enter the passphrase>

Finally you have to tell LVM to scan for volume groups on the newly created mapper device:

vgscan
vg-activate-all true

The logical volume(s) can now be mounted in the usual way.

Before closing a LUKS device you must unmount any logical volumes on it and deactivate the volume groups by calling vg-activate false VG on each one. Then you can close the mapper device:

vg-activate false /dev/VG
luks-close /dev/mapper/luksdev

WINDOWS PATHS

If a path is prefixed with win: then you can use Windows-style drive letters and paths (with some limitations). The following commands are equivalent:

file /WINDOWS/system32/config/system.LOG

file win:\windows\system32\config\system.log

file WIN:C:\Windows\SYSTEM32\CONFIG\SYSTEM.LOG

The parameter is rewritten "behind the scenes" by looking up the position where the drive is mounted, prepending that to the path, changing all backslash characters to forward slash, then resolving the result using "case-sensitive-path". For example if the E: drive was mounted on /e then the parameter might be rewritten like this:

win:e:\foo\bar => /e/FOO/bar

This only works in argument positions that expect a path.

UPLOADING AND DOWNLOADING FILES

For commands such as upload, download, tar-in, tar-out and others which upload from or download to a local file, you can use the special filename - to mean "from stdin" or "to stdout". For example:

upload - /foo

reads stdin and creates from that a file /foo in the disk image, and:

tar-out /etc - | tar tf -

writes the tarball to stdout and then pipes that into the external "tar" command (see "PIPES").

When using - to read from stdin, the input is read up to the end of stdin. You can also use a special "heredoc"-like syntax to read up to some arbitrary end marker:

upload -<<END /foo
input line 1
input line 2
input line 3
END

Any string of characters can be used instead of END. The end marker must appear on a line of its own, without any preceding or following characters (not even spaces).

Note that the -<< syntax only applies to parameters used to upload local files (so-called "FileIn" parameters in the generator).

EXIT ON ERROR BEHAVIOUR

By default, guestfish will ignore any errors when in interactive mode (ie. taking commands from a human over a tty), and will exit on the first error in non-interactive mode (scripts, commands given on the command line).

If you prefix a command with a - character, then that command will not cause guestfish to exit, even if that (one) command returns an error.

REMOTE CONTROL GUESTFISH OVER A SOCKET

Guestfish can be remote-controlled over a socket. This is useful particularly in shell scripts where you want to make several different changes to a filesystem, but you don't want the overhead of starting up a guestfish process each time.

Start a guestfish server process using:

eval "`guestfish --listen`"

and then send it commands by doing:

guestfish --remote cmd [...]

To cause the server to exit, send it the exit command:

guestfish --remote exit

Note that the server will normally exit if there is an error in a command. You can change this in the usual way. See section "EXIT ON ERROR BEHAVIOUR".

CONTROLLING MULTIPLE GUESTFISH PROCESSES

The eval statement sets the environment variable $GUESTFISH_PID, which is how the --remote option knows where to send the commands. You can have several guestfish listener processes running using:

eval "`guestfish --listen`"
pid1=$GUESTFISH_PID
eval "`guestfish --listen`"
pid2=$GUESTFISH_PID
...
guestfish --remote=$pid1 cmd
guestfish --remote=$pid2 cmd

REMOTE CONTROL AND CSH

When using csh-like shells (csh, tcsh etc) you have to add the --csh option:

eval "`guestfish --listen --csh`"

REMOTE CONTROL DETAILS

Remote control happens over a Unix domain socket called /tmp/.guestfish-$UID/socket-$PID, where $UID is the effective user ID of the process, and $PID is the process ID of the server.

Guestfish client and server versions must match exactly.

Older versions of guestfish were vulnerable to CVE-2013-4419 (see "CVE-2013-4419" in guestfs(3)). This is fixed in the current version.

USING REMOTE CONTROL ROBUSTLY FROM SHELL SCRIPTS

From Bash, you can use the following code which creates a guestfish instance, correctly quotes the command line, handles failure to start, and cleans up guestfish when the script exits:

#!/bin/bash -

set -e

guestfish[0]="guestfish"
guestfish[1]="--listen"
guestfish[2]="--ro"
guestfish[3]="-a"
guestfish[4]="disk.img"

GUESTFISH_PID=
eval $("${guestfish[@]}")
if [ -z "$GUESTFISH_PID" ]; then
    echo "error: guestfish didn't start up, see error messages above"
    exit 1
fi

cleanup_guestfish ()
{
    guestfish --remote -- exit >/dev/null 2>&1 ||:
}
trap cleanup_guestfish EXIT ERR

guestfish --remote -- run

# ...

REMOTE CONTROL DOES NOT WORK WITH -a ETC. OPTIONS

Options such as -a, --add, -N, --new etc don't interact properly with remote support. They are processed locally, and not sent through to the remote guestfish. In particular this won't do what you expect:

guestfish --remote --add disk.img

Don't use these options. Use the equivalent commands instead, eg:

guestfish --remote add-drive disk.img

or:

guestfish --remote
><fs> add disk.img

REMOTE CONTROL RUN COMMAND HANGING

Using the run (or launch) command remotely in a command substitution context hangs, ie. don't do (note the backquotes):

a=`guestfish --remote run`

Since the run command produces no output on stdout, this is not useful anyway. For further information see https://bugzilla.redhat.com/show_bug.cgi?id=592910.

PREPARED DISK IMAGES

Use the -N [filename=]type or --new [filename=]type parameter to select one of a set of preformatted disk images that guestfish can make for you to save typing. This is particularly useful for testing purposes. This option is used instead of the -a option, and like -a can appear multiple times (and can be mixed with -a).

The new disk is called test1.img for the first -N, test2.img for the second and so on. Existing files in the current directory are overwritten. You can use a different filename by specifying filename= before the type (see examples below).

The type briefly describes how the disk should be sized, partitioned, how filesystem(s) should be created, and how content should be added. Optionally the type can be followed by extra parameters, separated by : (colon) characters. For example, -N fs creates a default 100MB, sparsely-allocated disk, containing a single partition, with the partition formatted as ext2. -N fs:ext4:1G is the same, but for an ext4 filesystem on a 1GB disk instead.

Note that the prepared filesystem is not mounted. You would usually have to use the mount /dev/sda1 / command or add the -m /dev/sda1 option.

If any -N or --new options are given, the libguestfs appliance is automatically launched.

EXAMPLES

Create a 100MB disk with an ext4-formatted partition, called test1.img in the current directory:

guestfish -N fs:ext4

Create a 32MB disk with a VFAT-formatted partition, and mount it:

guestfish -N fs:vfat:32M -m /dev/sda1

Create a blank 200MB disk:

guestfish -N disk:200M

Create a blank 200MB disk called blankdisk.img (instead of test1.img):

guestfish -N blankdisk.img=disk:200M

__PREPOPTS__

ADDING REMOTE STORAGE

For API-level documentation on this topic, see "guestfs_add_drive_opts" in guestfs(3) and "REMOTE STORAGE" in guestfs(3).

On the command line, you can use the -a option to add network block devices using a URI-style format, for example:

guestfish -a ssh://root@example.com/disk.img

URIs cannot be used with the "add" command. The equivalent command using the API directly is:

><fs> add /disk.img protocol:ssh server:tcp:example.com username:root

The possible -a URI formats are described below.

-a disk.img

-a file:///path/to/disk.img

Add the local disk image (or device) called disk.img.

-a ftp://[user@]example.com[:port]/disk.img

-a ftps://[user@]example.com[:port]/disk.img

-a http://[user@]example.com[:port]/disk.img

-a https://[user@]example.com[:port]/disk.img

-a tftp://[user@]example.com[:port]/disk.img

Add a disk located on a remote FTP, HTTP or TFTP server.

The equivalent API command would be:

><fs> add /disk.img protocol:(ftp|...) server:tcp:example.com

-a gluster://example.com[:port]/volname/image

Add a disk image located on GlusterFS storage.

The server is the one running glusterd, and may be localhost.

The equivalent API command would be:

><fs> add volname/image protocol:gluster server:tcp:example.com

-a iscsi://example.com[:port]/target-iqn-name[/lun]

Add a disk located on an iSCSI server.

The equivalent API command would be:

><fs> add target-iqn-name/lun protocol:iscsi server:tcp:example.com

-a nbd://example.com[:port]

-a nbd://example.com[:port]/exportname

-a nbd://?socket=/socket

-a nbd:///exportname?socket=/socket

Add a disk located on Network Block Device (nbd) storage.

The /exportname part of the URI specifies an NBD export name, but is usually left empty.

The optional ?socket parameter can be used to specify a Unix domain socket that we talk to the NBD server over. Note that you cannot mix server name (ie. TCP/IP) and socket path.

The equivalent API command would be (no export name):

><fs> add "" protocol:nbd server:[tcp:example.com|unix:/socket]

-a rbd:///pool/disk

-a rbd://example.com[:port]/pool/disk

Add a disk image located on a Ceph (RBD/librbd) storage volume.

Although libguestfs and Ceph supports multiple servers, only a single server can be specified when using this URI syntax.

The equivalent API command would be:

><fs> add pool/disk protocol:rbd server:tcp:example.com:port

-a sheepdog://[example.com[:port]]/volume/image

Add a disk image located on a Sheepdog volume.

The server name is optional. Although libguestfs and Sheepdog supports multiple servers, only at most one server can be specified when using this URI syntax.

The equivalent API command would be:

><fs> add volume protocol:sheepdog [server:tcp:example.com]

-a ssh://[user@]example.com[:port]/disk.img

Add a disk image located on a remote server, accessed using the Secure Shell (ssh) SFTP protocol. SFTP is supported out of the box by all major SSH servers.

The equivalent API command would be:

><fs> add /disk protocol:ssh server:tcp:example.com [username:user]

PROGRESS BARS

Some (not all) long-running commands send progress notification messages as they are running. Guestfish turns these messages into progress bars.

When a command that supports progress bars takes longer than two seconds to run, and if progress bars are enabled, then you will see one appearing below the command:

><fs> copy-size /large-file /another-file 2048M
/ 10% [#####-----------------------------------------] 00:30

The spinner on the left hand side moves round once for every progress notification received from the backend. This is a (reasonably) golden assurance that the command is "doing something" even if the progress bar is not moving, because the command is able to send the progress notifications. When the bar reaches 100% and the command finishes, the spinner disappears.

Progress bars are enabled by default when guestfish is used interactively. You can enable them even for non-interactive modes using --progress-bars, and you can disable them completely using --no-progress-bars.

PROMPT

You can change or add colours to the default prompt (><fs>) by setting the GUESTFISH_PS1 environment variable. A second string (GUESTFISH_OUTPUT) is printed after the command has been entered and before the output, allowing you to control the colour of the output. A third string (GUESTFISH_INIT) is printed before the welcome message, allowing you to control the colour of that message. A fourth string (GUESTFISH_RESTORE) is printed before guestfish exits.

A simple prompt can be set by setting GUESTFISH_PS1 to an alternate string:

$ GUESTFISH_PS1='(type a command) '
$ export GUESTFISH_PS1
$ guestfish
[...]
(type a command) ▂

You can also use special escape sequences, as described in the table below:

\\

A literal backslash character.

\[
\]

(These should only be used in GUESTFISH_PS1.)

Place non-printing characters (eg. terminal control codes for colours) between \[...\]. What this does it to tell the readline(3) library that it should treat this subsequence as zero-width, so that command-line redisplay, editing etc works.

\a

A bell character.

\e

An ASCII ESC (escape) character.

\n

A newline.

\r

A carriage return.

\NNN

The ASCII character whose code is the octal value NNN.

\xNN

The ASCII character whose code is the hex value NN.

EXAMPLES OF PROMPTS

Note these these require a terminal that supports ANSI escape codes.

  • GUESTFISH_PS1='\[\e[1;30m\]><fs>\[\e[0;30m\] '

    A bold black version of the ordinary prompt.

  • GUESTFISH_PS1='\[\e[1;32m\]><fs>\[\e[0;31m\] '
GUESTFISH_OUTPUT='\e[0m'
GUESTFISH_RESTORE="$GUESTFISH_OUTPUT"
GUESTFISH_INIT='\e[1;34m'

    Blue welcome text, green prompt, red commands, black command output.

WINDOWS 8

Windows 8 "fast startup" can prevent guestfish from mounting NTFS partitions. See "WINDOWS HIBERNATION AND WINDOWS 8 FAST STARTUP" in guestfs(3).

GUESTFISH COMMANDS

The commands in this section are guestfish convenience commands, in other words, they are not part of the guestfs(3) API.

help

help
help cmd

Without any parameter, this provides general help.

With a cmd parameter, this displays detailed help for that command.

exit

quit

This exits guestfish. You can also use ^D key.

__FISH_COMMANDS__

COMMANDS

__ACTIONS__

EXIT STATUS

guestfish returns 0 if the commands completed without error, or 1 if there was an error.

ENVIRONMENT VARIABLES

EDITOR

The edit command uses $EDITOR as the editor. If not set, it uses vi.

GUESTFISH_DISPLAY_IMAGE

The display command uses $GUESTFISH_DISPLAY_IMAGE to display images. If not set, it uses display(1).

GUESTFISH_INIT

Printed when guestfish starts. See "PROMPT".

GUESTFISH_OUTPUT

Printed before guestfish output. See "PROMPT".

GUESTFISH_PID

Used with the --remote option to specify the remote guestfish process to control. See section "REMOTE CONTROL GUESTFISH OVER A SOCKET".

GUESTFISH_PS1

Set the command prompt. See "PROMPT".

GUESTFISH_RESTORE

Printed before guestfish exits. See "PROMPT".

HEXEDITOR

The "hexedit" command uses $HEXEDITOR as the external hex editor. If not specified, the external hexedit(1) program is used.

HOME

If compiled with GNU readline support, various files in the home directory can be used. See "FILES".

LIBGUESTFS_APPEND

Pass additional options to the guest kernel.

LIBGUESTFS_ATTACH_METHOD

This is the old way to set LIBGUESTFS_BACKEND.

LIBGUESTFS_BACKEND

Choose the default way to create the appliance. See "guestfs_set_backend" in guestfs(3).

LIBGUESTFS_BACKEND_SETTINGS

A colon-separated list of backend-specific settings. See "BACKEND" in guestfs(3), "BACKEND SETTINGS" in guestfs(3).

LIBGUESTFS_CACHEDIR

The location where libguestfs will cache its appliance, when using a supermin appliance. The appliance is cached and shared between all handles which have the same effective user ID.

If LIBGUESTFS_CACHEDIR is not set, then TMPDIR is used. If TMPDIR is not set, then /var/tmp is used.

See also "LIBGUESTFS_TMPDIR", "set-cachedir".

LIBGUESTFS_DEBUG

Set LIBGUESTFS_DEBUG=1 to enable verbose messages. This has the same effect as using the -v option.

LIBGUESTFS_HV

Set the default hypervisor (usually qemu) binary that libguestfs uses. If not set, then the qemu which was found at compile time by the configure script is used.

LIBGUESTFS_MEMSIZE

Set the memory allocated to the qemu process, in megabytes. For example:

LIBGUESTFS_MEMSIZE=700
LIBGUESTFS_PATH

Set the path that guestfish uses to search for kernel and initrd.img. See the discussion of paths in guestfs(3).

LIBGUESTFS_QEMU

This is the old way to set LIBGUESTFS_HV.

LIBGUESTFS_TMPDIR

The location where libguestfs will store temporary files used by each handle.

If LIBGUESTFS_TMPDIR is not set, then TMPDIR is used. If TMPDIR is not set, then /tmp is used.

See also "LIBGUESTFS_CACHEDIR", "set-tmpdir".

LIBGUESTFS_TRACE

Set LIBGUESTFS_TRACE=1 to enable command traces.

PAGER

The more command uses $PAGER as the pager. If not set, it uses more.

PATH

Libguestfs and guestfish may run some external programs, and rely on $PATH being set to a reasonable value. If using the libvirt backend, libvirt will not work at all unless $PATH contains the path of qemu/KVM.

SUPERMIN_KERNEL
SUPERMIN_KERNEL_VERSION
SUPERMIN_MODULES

These three environment variables allow the kernel that libguestfs uses in the appliance to be selected. If $SUPERMIN_KERNEL is not set, then the most recent host kernel is chosen. For more information about kernel selection, see supermin(1).

TMPDIR

See "LIBGUESTFS_CACHEDIR", "LIBGUESTFS_TMPDIR".

FILES

$XDG_CONFIG_HOME/libguestfs/libguestfs-tools.conf
$HOME/.libguestfs-tools.rc
$XDG_CONFIG_DIRS/libguestfs/libguestfs-tools.conf
/etc/libguestfs-tools.conf

This configuration file controls the default read-only or read-write mode (--ro or --rw).

See libguestfs-tools.conf(5).

$HOME/.guestfish

If compiled with GNU readline support, then the command history is saved in this file.

$HOME/.inputrc
/etc/inputrc

If compiled with GNU readline support, then these files can be used to configure readline. For further information, please see "INITIALIZATION FILE" in readline(3).

To write rules which only apply to guestfish, use:

$if guestfish
...
$endif

Variables that you can set in inputrc that change the behaviour of guestfish in useful ways include:

completion-ignore-case (default: on)

By default, guestfish will ignore case when tab-completing paths on the disk. Use:

set completion-ignore-case off

to make guestfish case sensitive.

test1.img
test2.img (etc)

When using the -N or --new option, the prepared disk or filesystem will be created in the file test1.img in the current directory. The second use of -N will use test2.img and so on. Any existing file with the same name will be overwritten. You can use a different filename by using the filename= prefix.

SEE ALSO

guestfs(3), http://libguestfs.org/, virt-alignment-scan(1), virt-builder(1), virt-cat(1), virt-copy-in(1), virt-copy-out(1), virt-customize(1), virt-df(1), virt-diff(1), virt-edit(1), virt-filesystems(1), virt-inspector(1), virt-list-filesystems(1), virt-list-partitions(1), virt-log(1), virt-ls(1), virt-make-fs(1), virt-p2v(1), virt-rescue(1), virt-resize(1), virt-sparsify(1), virt-sysprep(1), virt-tar(1), virt-tar-in(1), virt-tar-out(1), virt-v2v(1), virt-win-reg(1), libguestfs-tools.conf(5), display(1), hexedit(1), supermin(1).

AUTHORS

Richard W.M. Jones (rjones at redhat dot com)

COPYRIGHT

Copyright (C) 2009-2015 Red Hat Inc.

POD ERRORS

Hey! The above document had some coding errors, which are explained below:

Around line 1276:

Non-ASCII character seen before =encoding in '▂'. Assuming UTF-8